New 0-day Exploit in Microsoft Word

Microsoft just announced that there's a new 0-day attack exploiting a vulnerability in a slew of Microsoft Word versions. As of this moment, there are no patches for this Word vulnerability, and no pre-patch workarounds, either. Since it is a 0-day attack, there are, of course, no signatures.

This is so dire that users are advised not to open Word documents, even if they come from a trusted source. Of course, this new 0-day comes right after Patch Tuesday, which allows maximum time before the next patch day.

Again, this particular attack is client-based, and can be detected by a honeyclient. We would like to incorporate this type of detection feature, in addition to what's already there. Perhaps we can detect this attack by implementing a HoneyClient Gnutella module, searching through P2P networks for Word files, and opening them. Another mechanism might be to have the honeyclient open attachments in emails to determine whether those attachments are malicious.
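
The email mechanism needs a step that picks the Word attachments out of each message before anything is opened. The sketch below is an added example, not HoneyClient project code; it assumes legacy OLE2 `.doc` files, and the function names and the sample message are constructed for illustration.

```python
import email
import hashlib
from email import policy
from email.message import EmailMessage

# Signature of the OLE2 compound file container used by legacy .doc files.
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
WORD_EXTS = (".doc", ".dot")

def word_attachments(raw_message: bytes):
    """Return (filename, sha256, payload) for each part that looks like a Word file.

    Content is checked as well as the name: the sender controls the filename
    and Content-Type, so a document can arrive labelled as something else.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        name = (part.get_filename() or "").lower()
        if payload.startswith(OLE2_MAGIC) or name.endswith(WORD_EXTS):
            digest = hashlib.sha256(payload).hexdigest()
            found.append((name or "unnamed", digest, payload))
    return found

def build_sample() -> bytes:
    """Constructed message: one .doc, one mislabelled .doc, one unrelated file."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "analyst@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    fake_doc = OLE2_MAGIC + b"\x00" * 504  # header bytes only, not a real document
    msg.add_attachment(fake_doc, maintype="application", subtype="msword",
                       filename="report.doc")
    msg.add_attachment(fake_doc, maintype="image", subtype="jpeg",
                       filename="photo.jpg")
    msg.add_attachment(b"plain notes", maintype="application",
                       subtype="octet-stream", filename="notes.bin")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, digest, payload in word_attachments(build_sample()):
        print(name, digest, len(payload))
```

The SHA-256 lets the queue skip a document the honeyclient has already opened; the selected payloads should only ever be written to and opened inside the isolated honeyclient VM.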