On Tuesday November 5th, 2013, Microsoft published Microsoft released Out of Band Security Advisory (2896666)
No patch is currently available, however Microsoft issued a "Fix it" for this.
https://support.microsoft.com/kb/2896666
Reference
Microsoft Security Advisory (2896666)
http://technet.microsoft.com/en-us/security/advisory/2896666
Symantec has confirmed that the targeted emails containing the 0-day are pre-emptively caught by Symantec.Cloud. Symantec is also creating Bloodhound.Exploit.525 to cover this vulnerability. Detection may also be seen as Trojan.Hantiff.
IPS Signature 27137 (Web Attack: Microsoft Office RCE CVE-2013-3906_2) will also be released later today to block the network activity associated with this threat.
Reference:
https://www-secure.symantec.com/connect/symantec-blogs/security-response
The use of the 0-day has been confirmed to be linked to Operation Hangover, upon which Security Response reported in May 2013. A new public blog in relation to our coverage and connection to the Operation Hangover attack has now been released: New Zero-day Vulnerability Used in Operation Hangover Attack