There has been a zero-day-vulnerability reported in Word and WordPad that is used in the wild. Microsoft has issued a patch to close this vulnerability on April 2017 patch day.
Advertising
I've blogged about that in my article Warning: Dridex botnet addresses Word zero day vulnerability. An analysis may be found here and here. Dridex botnet is using this vulnerability to infect million Windows systems.
On April 11, 2017 Microsoft released a couple of security updates, and also CVE-2017-0199 (Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API) has been addressed.
Microsoft has deleted the original article dealing with CVE-2017-0199. But there is KB4014793 (Security update for the Microsoft Office remote code execution vulnerability: April 11, 2017) providing some information.
Microsoft offers patches for Office 2007, 2010, 2013 and 2016 and also for all supported Windows version (due to WordPad vulnerability). Details has been published within the removed Microsoft CVE-2017-0199 article (https:// portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199). As far as I understand, the patch just blocks the EPS import filter. Nevertheless install this update immediately.
