Microsoft warns of Office-related malware Security - CNET News
Symantec underlined the seriousness of the flaw to CNET's Elinor Mills in November:
"One of the most dangerous aspects of this vulnerability is that a user doesn't have to open a malicious e-mail to be infected," Joshua Talbot, security intelligence manager at Symantec Security Response, said at the time. "All that is required is for the content of the e-mail to appear in Outlook's Reading Pane. If a user highlights a malicious e-mail to preview it in the Reading Pane, their machine is immediately infected. The same holds true if a user opens Outlook and a malicious e-mail is the most recently received in their in-box; that e-mail will appear in the Reading Pane by default and the computer will be infected."
Users of Microsoft Office should be sure to install the fix. You can use your Start menu to check for updates: Click the Start button, click All Programs, and then click Windows Update. Details of the MS10-087 update, including which software versions are affected, can be found here.