The funnel for detecting exploits in Microsoft Word has gone from a billion reports a month to a few thousand by narrowing down attacks that occur when a user first opens a document. It is rare for exploits to occur when a user has been in Word for an extended period.