Malware writers have created a Trojan which uses an unpatched vulnerability in Microsoft Office to take over Windows PCs. Known as the Hesive Trojan, the malware is disguised as a Microsoft Access file. Once you are stupid enough to open such a file, malware takes advantage of a five-month old buffer overflow flaw in Microsoft's Jet Database Engine software to seize control of vulnerable machines.
In a statement sent via email on Friday, a company representative said: "Microsoft is aware that a Trojan recently released into the wild may be exploiting a publicly reported vulnerability in Microsoft Office." The software maker is investigating the issue and will take "appropriate action", the representative said.