There's been a wave of malware attacks using a known security flaw in Microsoft Word. Thankfully, there's a fix available. So why are so many users getting infected?
First let's look at the attack. According to Naked Security, these Word-based attacks come via email. They've got a .doc Word file attached, and filenames like "Anti-Money Laundering & Suspicious cases.doc." They're actually .rtf, or Rich Text Format, files, with a hidden bug.
That bug contains the malware that will install if you open one of these email attachments. For this particular attack, there were two types of malware you could infect your computer with. "Toshliph" allows hackers to keep putting different malware on your computer, and "UWarrior" lets an attacker control your computer.