Hackers are exploiting a critical and unpatched vulnerability in Windows Office 2003, 2007 and 2010, Microsoft Corp. warned yesterday.

The attackers are using a malformed image file viewed on a Web site or in an email message to hijack Windows PC, Microsoft said.

Microsoft initially said only Windows Vista and Windows Server 2008 were vulnerable to the attack but a McAfee Inc. security researcher who spotted the flaw last week said both Windows XP and Windows 7 could be affected by the malicious files.

Elia Florio, an engineer at Microsoft Security Response Centre said that machines running Office 2007 or 2007 are affected, no matter what operating system they are using. He also said, machines running Office 2010 on Windows XP or Server 2003 are at risk.

Office 2013, does not have the vulnerability, said Florio.

Read the whole story here