Microsoft is warning Windows users that they're vulnerable to a new zero-day flaw that attackers have been exploiting to remotely execute arbitrary code.

"At this time, we are aware of limited, targeted attacks that attempt to exploit the vulnerability through Microsoft PowerPoint," Microsoft says in a security advisory issued late on Oct. 21. It says the flaw in Microsoft OLE is present in all versions of Windows except for Windows Server 2003