Microsoft is releasing a security update to patch a critical vulnerability in the ActiveX controls included in all 32-bit versions of Office for Windows, among other products. If exploited with a malicious document or webpage, the vulnerability can allow attackers to remotely execute code on their targets' systems, and according to Microsoft, "limited, targeted attacks" using malicious RTF email attachments have been spotted in the wild.
The security update, MS12-027, patches the vulnerability by disabling the ActiveX control in question and swapping it with a new one. It comes at the same time as five other updates, three of which are labeled critical (they could be used to propagate a worm), but due to the documented attacks, MS12-027 is the highest priority. In addition to the update, Microsoft is also offering a number of security-hardening suggestions that mitigate this problem and others like it, but it still recommends applying the update "right away."