I just grabbed the first one on Google. There were so many to choose from.
Here then, here's one from December.
“Users of Windows Vista and Server 2008 can breathe easy as those packages are unaffected by the flaw. XP - running SP3 - is also clear of trouble.”
So the bottom line is that people who are running pirated versions of Windows that are not updated run some risk. OK.
“attacks would take the form of tricking users into opening an attachment, so it’s not an auto-execute risk,”