"In order for this attack to be carried out, a user must first open a malicious Excel document that is sent as an e-mail attachment or otherwise provided to them by an attacker," the spokesman said in an e-mail. "Opening the Excel document out of e-mail will prompt the user to be careful about opening the attachment."
While the flaw could result in system damage, a careful user shouldn't have to worry. In office settings in which documents are routinely emailed, however, extra precaution is advised. No word yet from Microsoft about when a patch can be expected.