Microsoft has issued a temporary fix for a vulnerability that can be exploited to install malware via infected Word documents. The fix is welcome, but the lesson for everyone is that sticking with older OSes and office suites can render you more vulnerable.
Like most Word vulnerabilities, this one would be most easily exploited by creating a specially-crafted document and sending it attached to a persuasive email designed to induce the recipient to open it. It doesn’t affect Word 2013, and only affects Word 2010 on XP and Windows Server 2003 machines. It’s potentially an issue for Office 2003 and 2007 across all Windows platforms.
The temporary fix created by Microsoft stops the exploit working, and there are also other workarounds available. However, users running a four-versions-old release of Office perhaps shouldn’t be totally surprised that vulnerabilities emerge.