There is an active exploitation of a security flaw in all versions of Microsoft Word right now. The various online media have been saying this is a targeted attack but i’m seeing general infestations with this security issue. If your machines aren’t updated you first need to get all of your gear updated and then there is a patch available to repair the Word problem. Keep in mind this issue is capable and has bypassed several anti-malware packages: Norton, Microsoft security essentials, AVG are the ones I’ve seen bypassed. I’ve not had any clients behind Sophos utm products infected yet. it is not known if Office 2003 and older will get updated as they have officially gone out of support and aren’t being updated on a regular basis. If you are running office 2003 or lower you need to upgrade now. Either install Libreoffice or Contact ETC Maryland for assistance. if you install Libreoffice you also must uninstall Microsoft Office or you aren’t protected.
This issue is called a Zero day exploit which means the flaw wasn’t found by the “good guys” before it was actively being used by various attackers. I’ve had 3 machines come in within days of each other infected with malware that used this exploit. The fix is available online or you can call ETC so I can get your security updated and get you protected against this latest threat. Here is the Microsoft security bulletin and the automated fixit is here. You have to manually run this file on every affected machine. This only protects against the latest exploit. If you have not kept current on the other windows updates you are open to other issues that this fixit won’t protect you against. A more comprehensive fix it being worked on but until it is available this fixit is the best solution that ETC Maryland is able to recommend.