UPDATE: Microsoft has released a patch for CVE-2021-40444 as of 9-14 ... but that doesn't mean its been installed on your systems yet, so check! The KB varies by distro, but it should be around KB5005565-KB5005568 for recent Windows 10 x64 versions.
CVE-2021-40444 is a new remote code execution vulnerability in Windows that involves embedded ActiveX controls in Office document files (.doc, .docx, .docm, .dochtml). All versions of Windows, including Server distros, are impacted.
Exploits of this vulnerability are in the wild now. The Windows preview pane plays a role in the vulnerability; I haven't seen an example of the exploit, but Microsoft's recommended steps for mitigation involve disabling the preview pane for relevant file types.
No security patch is available yet, but it is possible to mitigate the threat. Below, I've embedded code for a registry key that you can use to automatically patch your Windows 10 PC. The registry key simply automates Microsoft's recommended mitigation steps I described a moment ago.
Copy and paste the code below into a text file. Save that file with a ".reg" file extension (here is how to do that if you aren't sure how to do that).
Remember to backup your registry before installing the .reg file!