Microsoft issued a security advisory on October 21st stating that the vulnerability, which allows remote code execution, is found in all supported versions of Microsoft Windows, excluding Windows Server 2003. The threat is triggered by opening