Windows 0-day exploited in ongoing attacks, temporary workarounds offered

The vulnerability is currently being exploited via PowerPoint files. These specially crafted files contain a malicious OLE (Object Linking and Embedding) object.

Microsoft is still investigating the matter and deciding whether they will issue an out-of-band patch or wait for the next Patch Tuesday to plug the hole.