An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.
This vulnerability exists in the ActiveX control used by IE to display Excel spreadsheets. Microsoft mentions that they are aware of active exploits against this vulnerability and at the moment there is no patch, just a a workaround. Workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft advisory…

If you open System Restore and try to choose a restore point but the calendar is missing, it’s probably the Hypertext Markup Language Component associatiion (.htc) that is missing or corrupt. Cut and paste everyting below into notepad, save it as a .reg file, and then double-click on it and let it put the information into the registry: Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT\.htc]“Content Type”=”text/x-component”@=”htcfile”[HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/x-component]“CLSID”=”{3050f4f8-98b5-11cf-bb82-00aa00bdce0b}”"Extensi on”=”.htc”HKEY_CLASSES_ROOT\CLSID\{3050f4f8-98b5-11cf-bb 82-00aa00bdce0b}]@=”Microsoft Html Component” [HKEY_CLASSES_ROOT\CLSID\{3050f4f8-98b5-11cf-bb82-00aa00bdce0b}\InProcServer32]@=”C:\\WINDOWS\\System32\\mshtml.dll”"ThreadingModel”=”A partment”"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htc]“Content Type”=”text/x-component”@=”htcfile

[ Read the rest of the story in the original article... ]