There are current concerns around:
Microsoft MSHTML Remote Code Execution Vulnerability
which is yet to have a patch made available.
I found this excellent article:
CLICK ME IF YOU CAN, OFFICE SOCIAL ENGINEERING WITH EMBEDDED OBJECTS
which provide some PowerShell scripts to create Word documents that can be used to test for the vulnerability.
I have run these scripts to create the actual Word documents and uploaded them for you here:
Office365/example at master · directorcia/Office365 (github.com)
In both cases, when you open these documents, you should NOT be able to get CALC.EXE to execute on your system unlike what you see above and below.
I have also added these tests to my security testing script which you can download from my GitHub repo here:
Office365/sec-test.ps1 at master · directorcia/Office365 (github.com)
When I opened these documents in my production environment, the vulnerability was largely blocked thanks to Windows ASR which I have detailed previously:
Attack surface reduction for Windows 10
You can use the follow KQL query as I did above to view the result of this blocking if you are using something like Azure Sentinel like I am:
Another great security add on for Microsoft 365
KQL:
DeviceEvents
| where ActionType startswith ‘Asr’
CIAOPS 