Microsoft have today admitted that they have received reports of a brand new vulnerability affecting all versions of Microsoft Excel.
Mike Reavey (security program manager) posted to the companys blog today explaining that users need to download and run a specially crafted Excel document in order for the attack to take place.
Secunia have rated the vulnerability as "Extremely Critical" which is their highest rating as 0day code is out in the wild and the vulnerability is being actively exploited.
Symantec are already reporting a trojan that drops malware onto machines using the undocumented vulnerability.
View: Microsoft's Response - Blog
View: Secunia Advisory
View: Symantec - trojan.mdropper.j