Simply block MS Office from running certain system processes and block it from making outbound connections, problem solved. A tool like OSArmor will most likely easily block this attack.
Right, and also keep patched, since this exploits a CVE from 2017. Even just utilizing built-in O/S features will defeat so many of these exploits, but most authors, not this one, will instead try to sell you their latest anti-malware solution to keep you protected