As a general rule, you should never open a file from anyone that you aren’t expecting. If your best friend or family member sends you a file you didn’t ask for, email them and make sure they sent it. This exploit bypasses the disabled macro settings and is very devious.
According to researchers, this zero-day attack is severe as it gives the attackers the power to bypass most exploit mitigations developed by Microsoft, and unlike past Word exploits seen in the wild, it does not require victims to enable Macros.
Due to these capabilities, this newly discovered attack works on all Windows operating systems even against Windows 10, which is believed to be Microsoft’s most secure operating system to date.
Besides this, the exploit displays a decoy Word document for the victims to see before terminating in order to hide any sign of the attack.