Just as we expected, the exploit for the Web Office 0-day has been integrated into existing bot-net spread attacks. SANS and other folks began reporting that SQL injection compromises have now been tuned to include defacements with the embedded Web Office exploit.
If you have not yet deployed the kill bit solution referenced in this article: https://stateofsecurity.com/?p=709, you should do so immediately. Mass, wide-scale, exploitation of this issue is likely beginning and will continue for some time.
It would also be very wise to educate your staff about this issue since they will need to activate the kill bits on home systems as well until a patch becomes available.
Please note that you must reboot systems before they become immune to the exploit once the kill bits are installed in the registry.
Let us know if you have any questions or desire any assistance with the kill bit solution.