Office is one big hunk of software, and by hunk I don’t mean Arnold Schwarzenegger. After decades of adding more and more features, this thing is bigger than Donald Trump’s ego. And anything that big is hard to protect. So, Microsoft constantly patches/updates its #1 money making software suite. And hackers constantly look for new holes — and sometime find them in old holes we thought were fixed.
That’s the case with a patched hole in Microsoft Word. This hole let hackers create malicious DLL files and sneak them into e-mails. Once you open the e-mail and then the infected Word doc, you’re hosed. What’s that got to do with me, you might ask? Hackers know not everyone is up to date with patching. “The most current exploit makes use of an ActiveX control embedded in a Word document file,” wrote Takayoshi Nakayama, a researcher at Symantec, in a blog post. “When the Word document is opened, the ActiveX control calls fputlsat.dll which has the identical file name as the legitimate .dll file used for the Microsoft Office FrontPage Client Utility Library.”
Of course once you are infected the real fun begins. Hackers then blast you with malware and wreak havoc on your machine.