Microsoft is aware of the zero-day , but it 's highly unlikely it will be able to deliverVulnerability-related.PatchVulnerabilitya patch until its next Patch Tuesday , which is scheduled in three days . McAfee researchers , who disclosedVulnerability-related.DiscoverVulnerabilitythe zero-day 's presence , sayVulnerability-related.DiscoverVulnerabilitythey 've detectedVulnerability-related.DiscoverVulnerabilityattacks leveraging this unpatched vulnerability going back to January this year . Attacks with this zero-day follow a simple scenario , and start with an adversary emailing a victim a Microsoft Word document . The Word document contains a booby-trapped OLE2link object . If the victim uses Office Protected View when opening files , the exploit is disabled and wo n't execute . If the user has disabled Protected View , the exploit executes automatically , making an HTTP request to the attacker 's server , from where it downloads an HTA ( HTML application ) file , disguised asAttack.Phishingan RTF . The HTA file is executed automatically , launching exploit code to take over the user 's machine , closing the weaponized Word file , and displaying a decoy document instead . According to FireEye , `` the original winword.exe process is terminated in order to hide a user prompt generated by the OLE2link . '' While the attack uses Word documents , OLE2link objects can also be embedded in other Office suite applications , such as Excel and PowerPoint . McAfee experts sayVulnerability-related.DiscoverVulnerabilitythe vulnerability affectsVulnerability-related.DiscoverVulnerabilityall current Office versions on all Windows operating systems . The attack routine does not rely on enabling macros , so if you do n't see a warning for macro-laced documents , that does n't mean the document is safe .