Given the situation, I believe these two articles should be read together and discussed.  On a day when Microsoft is discussing and warning users about another zero day vulnerability in an Office product, we need to take a moment and realize that updating, patching and ultimately upgrading Office is a truly important component of any IT security program.

https://www.tripwire.com/state-of-security/security-data-protection/microsoft-advisory-office-dde-malware/

https://www.infosecurity-magazine.com/news/most-organizations-run-outofdate/