FireEye discovered CVE-2017-8759 flaw patched by Microsoft this week.

https://www.darkreading.com/endpoint/microsoft-office-zero-day-spread-surveillance-software/d/d-id/1329884?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple