Microsoft cautions that this problem only affects programs that do not load DLLs securely. In addition, users must visit an untrusted site and execute a file to initiate the attack.

Remote servers using Server Message Block (SMB) or web distributed authoring and versioning, WebDAV are vulnerable. Microsoft has a tool for IT pros that disables library loading from WebDAV shares, see KB2264107. Network Security Administrators should check that SMB is blocked at the firewall by default. TCP ports 139 and 445 can also be blocked, however; this should be tested first as some network functionality may be lost.    

This alert is important because it points out a new vector for the type of malware that steals personal information such as credit card account numbers and passwords and contributes to identify theft. The extent of the problem is still not known and may affect not only third party programs but Microsoft applications as well. However, Microsoft has not been forthcoming with information in this regard.