From news.sophos.com
Over the weekend, several security researchers noticed that an unknown threat actor has been spreading a malicious Word document that appears to invoke a previously undisclosed vulnerability in Microsoft Office. The vulnerability permits the malicious document to open a URL and begin an infection chain.
The infection process leverages the Windows utility msdt.exe, which is used to run various Windows troubleshooter packs. The malicious document that abuses this tool invokes it without user interaction, and it can allegedly run even if you just “preview” the document in Windows Explorer (but only if it’s an RTF file).