Information has been circulating online regarding Sandworm, a vulnerability affecting Microsoft Windows versions from Vista SP2 onward, and Windows Server 2008 onward.
Despite the name, the Sandworm bug is not known to be exploited by self-propagating malware. Instead, attack code is currently reported to be delivered via a malicious PowerPoint document.
Indications are that Microsoft will be releasing a patch soon, but it is likely that more malware authors will attempt to exploit the flaw in the coming weeks. This is a good opportunity to remind everyone to use caution when dealing with all email attachments, and to be particularly wary of attached PowerPoint files.