Here's a statement from Microsoft today
Microsoft is aware of a vulnerability affecting all supported releases of Microsoft Windows, excluding Windows Server 2003. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. The attack requires user interaction to succeed on Windows clients with a default configuration, as User Account Control (UAC) is enabled and a consent prompt is displayed.
At this time, we are aware of limited, targeted attacks that attempt to exploit the vulnerability through Microsoft PowerPoint.
What's the net/net? Don't open attachments from people/places you don't know. Also - make sure if the security box pops up in windows 7/8 you read what it's trying to do to your computer instead of just saying "ALLOW"
Here's the link to the full Microsoft article: https://technet.microsoft.com/library/security/3010060