Attacks that target applications are becoming more common. This marks a change from recent years, in which the most dangerous attacks and worms focused on vulnerable operating system and network services such LSASS (Local Security Authority Subsystem Service), RDP (Remote Desktop Protocol), and others.

In March, Microsoft patched seven critical holes in the Microsoft Office suite, which includes Microsoft Word, which could have allowed remote code to be run on vulnerable Windows systems. (http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx.)

The latest vulnerabilities in Office applications are different from an earlier generation of threats, like the "Melissa" virus, which used a loosely secured macro programming language in Word to propagate. The new attacks target holes in the applications themselves to take control of Windows systems, which can then be mined for sensitive information or used as "zombies" to send out spam, distribute malicious code or launch denial of service (DoS) attacks.

Companies commonly blocked Word attachments in the days of "Melissa," but restrictions may have eased in recent years, as Macro viruses faded into the history books and malicious activity shifted elsewhere, Hypponen said.