iSIGHT discovers zero-day vulnerability CVE-2014-4114 used in Russian cyber-espionage campaign
http://www.isightpartners.com/2014/10/cve-2014-4114/
Listed as Security Update for Windows (OS version) (KB3000869). If you have this successfully installed, then Microsoft has covered it.
If you don't have it, or have had problems getting it to install properly, a link to the fix and file is here:
https://technet.microsoft.com/library/security/ms14-060 Click the blue url link under
Affected Systems for your exact operating system version and you will be taken to a page where you can download the security fix directly. Double-click (with admin permissions) that file to run it and reboot after the fix completes. Exploit has been used for targeted attacks per Asyn's link, but home users should install this update if they have not done so already.