It's not surprising to see a new exploit for MS Word that is being used to run malicious code. It only confirms my belief that workstations/users are the prefered entry point for attacks. Interner facing servers are usually well protected and monitored. Workstations are usually bad configured, not patched and placed in flat and not monitored internal networks. Yummy!

SANS Internet Storm Center has published some tips for defense against this threat. I'm glad to see honeytokens being proposed. In fact, the whole list is very good. My favorite itens are monitoring and blocking outbound traffic and limiting data on desktops. The kind of security measure that is effective against lots of threats and does not depend on previous knowledge of the attack being used.