A US-based company was targeted with emails that were sent to the company from the outside but were spoofed to look like internal emails. The mail had a Word file as an attachment that used a previously unknown vulnerability to install a backdoor, hide it with a rootkit and allow unrestricted access to the machine for the attackers, operating from a host registered under the Chinese 3322.org domain. 3322.org is a free host bouncing service in China; anybody can register any host name under 3322.org, so this does not indicate that China was the origin of the attack.
Microsoft Security Advisory (919637) describes the following workarounds:
- Run Word in Safe Mode (winword.exe /safe)
- Open Word documents with the Word 2003 Viewer
- Do not use Word as the email editor in Outlook
The advisory does not recommend using a different office suite, for some reason, though it is unlikely that other office suites have the same vulnerability.
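A mail gateway can catch the delivery pattern described above: a message that claims an internal sender, was handed over by an outside host, and carries a Word attachment. The following is an added example, not part of the original report or the advisory; the domain `corp.example`, the relay names and the assumption that the topmost `Received` header is the one written by the organisation's own gateway are all hypothetical.

```python
from email.message import EmailMessage
from email.utils import parseaddr

INTERNAL_DOMAINS = {"corp.example"}   # assumption: the organisation's own mail domains
WORD_EXTENSIONS = (".doc", ".dot")

def is_internal(host):
    return any(host == d or host.endswith("." + d) for d in INTERNAL_DOMAINS)

def sender_domain(msg):
    # Domain part of the From address, which the sender fully controls.
    return parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()

def handing_host(msg):
    # Assumption: the topmost Received header was added by our own gateway,
    # so its "from" clause names the host that handed the message to us.
    received = msg.get_all("Received") or []
    tokens = str(received[0]).split() if received else []
    return tokens[1].lower() if len(tokens) > 1 and tokens[0].lower() == "from" else ""

def word_attachments(msg):
    names = [(p.get_filename() or "") for p in msg.iter_attachments()]
    return [n for n in names if n.lower().endswith(WORD_EXTENSIONS)]

def verdict(msg):
    # Internal From + external (or unknown) handing host = spoofed internal mail.
    spoofed = is_internal(sender_domain(msg)) and not is_internal(handing_host(msg))
    if not spoofed:
        return "pass"
    return "quarantine" if word_attachments(msg) else "tag"

def build(from_addr, relay, filename=None):
    # Constructed sample message, not taken from the incident.
    m = EmailMessage()
    m["Received"] = f"from {relay} by mx.corp.example; Mon, 1 Jan 2024 00:00:00 +0000"
    m["From"], m["To"], m["Subject"] = from_addr, "staff@corp.example", "Agenda"
    m.set_content("See attached.")
    if filename:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="msword", filename=filename)
    return m

if __name__ == "__main__":
    for args in [("ceo@corp.example", "relay.outside.test", "agenda.doc"),
                 ("ceo@corp.example", "exch01.corp.example", "agenda.doc"),
                 ("bob@partner.test", "relay.outside.test", "agenda.doc")]:
        print(args, "->", verdict(build(*args)))
```

A message with no `Received` header is treated as handed over by an external host, so the check fails closed.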