According to the researchers, when a victim opens a suspicious Word file with an embedded OLE2link object, received by email, winword.exe initiates an HTTP request to the attacker’s remote server. This results in the download of a malicious .hta file (an HTML Application executable) to the victim’s machine. To the user, the HTA file appears as a Microsoft Rich Text document with a .doc extension. The disguise also conceals the file from anti-virus software on the machine.
The HTA file runs malicious scripts that terminate winword.exe, which is done to hide the “user prompts generated by the OLE2link.” The exploit shows a decoy Word document to the user while it downloads additional payloads in the background.
The zero-day attack disclosed by the researchers affects all versions of Microsoft Windows and MS Office. However, Microsoft is aware of the vulnerability, and we can expect a patch in the near future.
Meanwhile, you can use countermeasures:
The Protected View feature built into Microsoft Office makes the attack vector ineffective. You can use it to open attachments until Microsoft releases security fixes. You should also refrain from obtaining Office files from untrusted locations.
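For defenders who want to hunt for the request pattern described above (winword.exe fetching a URL that is named like a document but delivers an HTA), here is a detection sketch. It is an added example, not code from the researchers or from Microsoft. The JSON log schema, host names and URLs are constructed, and it assumes the server labels the response with the HTA media type `application/hta`.

```python
import json
from urllib.parse import urlsplit

# Constructed proxy/EDR records; the field names are an assumed schema.
SAMPLE_LOG = """\
{"host":"ws-014","process":"WINWORD.EXE","url":"http://files.example.test/q3/report.doc","content_type":"application/hta"}
{"host":"ws-014","process":"winword.exe","url":"http://intranet.example.test/templates/memo.doc","content_type":"application/msword"}
{"host":"ws-022","process":"chrome.exe","url":"http://tools.example.test/setup.hta","content_type":"application/hta"}
{"host":"ws-031","process":"winword.exe","url":"http://cdn.example.test/a/invoice.rtf?id=7","content_type":"Application/HTA; charset=utf-8"}
"""

OFFICE_PROCESSES = {"winword.exe"}
DOCUMENT_EXTENSIONS = (".doc", ".docx", ".rtf")
HTA_CONTENT_TYPES = {"application/hta"}


def media_type(header_value):
    """Return the bare lower-case media type, dropping parameters such as charset."""
    return header_value.split(";", 1)[0].strip().lower()


def is_disguised_hta(record):
    """True when Word fetched a URL named like a document but was served an HTA."""
    process = record.get("process", "").lower()
    path = urlsplit(record.get("url", "")).path.lower()  # ignores the query string
    served = media_type(record.get("content_type", ""))
    return (process in OFFICE_PROCESSES
            and path.endswith(DOCUMENT_EXTENSIONS)
            and served in HTA_CONTENT_TYPES)


def find_disguised_hta(log_text):
    """Parse JSON-lines log text and return (host, url) for every matching record."""
    hits = []
    for line in log_text.splitlines():
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines instead of aborting the hunt
        if isinstance(record, dict) and is_disguised_hta(record):
            hits.append((record.get("host", "?"), record.get("url", "")))
    return hits


if __name__ == "__main__":
    for host, url in find_disguised_hta(SAMPLE_LOG):
        print(f"{host}: Word fetched {url} and was served an HTA")
```

The Content-Type header is chosen by the remote server, so a match is a strong signal but the absence of one does not rule out the attack.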