"usually a specially crafted Office or Adobe document"
And once again the lesson is : don't open attachments from people you don't know.
Despite worries that Patch Tuesday may not be as exciting now that Microsoft's Windows Autopatch is live — with a slew of caveats — the second Tuesday of this month arrived with 84 security fixes, including 4 critical bugs and one that's under active exploit. Let's start with the one that miscreants have already found and …
Well, the crims have thought about that.
So, they break into someone's mailbox who you know, well because they didn't know that rule, and then email you a hot load.
And in the words of that Faberge Organics ad... And they'll tell their friends- and so on, and so on
All attachments should be suspect. Period.
And remember, if someone has a big enough address book, the chances of the miscreant emailing a dodgy attachment to at least one recipient who is expecting an email with an attachment is also fairly high.
So make sure the text and the filename match up.
And when sending, the subject and body mist contain letters and or numbers describing the specific content attached.
Never send "here's the file you wanted".
So why on earth did they decide not to block all Office macros by default? I mean, it's not like they're getting a cut of the profits from antivirus firms, is it?
And it's not that big a deal. I mean, even people who use them often (like me) don't really find it much of a hardship to turn them on when we need them.
This post has been deleted by its author
Could be worse, just gone through W10 patching nightmare, KB5015807 + IE Enterprise mode site list + Application Guard = broken IE compatibility, resolution emergency removal of Application Guard via SCCM to estate. Not bad first patch after officially killing IE11 and Microsoft screw it up !!