updated 04:08 pm EDT, Mon March 24, 2014
No patch currently available, but mitigation of the problem possible
Microsoft has issued an advisory to users of its Microsoft Word application. In the note, the company says that remote code execution is possible if users open a maliciously crafted rich-text format (RTF) file, or open the same maliciously-crafted file in Outlook while using Microsoft Word as the email viewer. Outlook 2010 through 2013 default to using Microsoft Word as the email viewer, making users more vulnerable to attack.
Security advisory 2953095 includes a one-click "fix-it" file to address the known vectors of attack. Alternatively, a restrictive firewall will block some aspects of the attack. Microsoft's Enhanced Mitigation Experience Toolkit (EMET) version 4.1 with the recommended settings also prevents the attack.
The flaw exists in nearly all versions of Microsoft Office from 2003 through 2013, including Microsoft Office for Mac 2011.