Last Friday Microsoft acknowledged another "zero-day" vulnerability affecting the Office Suite. "Zero-day" means malicious code used to attack the flaw has appeared on the internet before any patch has been released to fix the problem. This most recent attack involves Excel for both Windows and Apple computers. Attacks like this are often limited in scope, sometimes affecting just a few specific companies, however there are about half a dozen vulnerabilities in Office for which no patches are available. Each one may affect different programs in Office or different versions, with some also affecting Office for Mac.
What does all of this mean to you? It means we always have to be careful when opening attachments or Office documents posted on a web site. For any of these attacks to succeed, you have to open a maliciously crafted document. The advice people have given for years still holds true: don't open attachments from people you don't know. And continue that by not opening documents on any website you don't trust. You can't do this just when you hear about viruses going around--there is always a threat.