BleepingComputer.com: New Ms Office Zero-days

Last week was spent combating a slew of exploits for the vulnerabilities patched by Microsoft on April 3.

Yesterday saw the release of several Microsoft Office zero-day exploits in security forums. Some of these flaws may allow for remote code execution. McAfee Avert Labs is investigating all these zero-days. Today is Patch Tuesday for April. So, yes: this is yet another time that zero-day flaws have been published around a Patch Tuesday, possibly to maximize the public’s exposure to these flaws until the next month’s Patch Tuesday.

Hot on the heels of yesterday's batch of updates from Microsoft patching five critical Windows vulnerabilities come reports of new zero-day exploits, some that appear to allow the commandeering of a PC. They underscore a growing pattern in which miscreants release their payloads shortly before or after Patch Tuesday...

Microsoft is investigating public reports of vulnerabilities in Microsoft Office.

Reports of several new security holes in Microsoft Office have been made public on known exploit sites. The company did not release specific information about the vulnerabilities, citing potential risk to users...