This vulnerability is caused by how Windows handles DLL files. When programmers create a program they are supposed to specify the specific locations that their applications will load DLL files from. If they do not specify the location, then Windows will search for the desired DLL in numerous locations on a computer. The vulnerability can be exploited because Windows will attempt to load a DLL from the same folder as a file that is being opened by the application.
This vulnerability could then be set off when a user opens a file in a folder, remote file share, USB drive, etc that also contains a malicious DLL that has the same name as a legitimate DLL that the application would normally open. As Windows will attempt to open a DLL from the same folder as the file, Windows will instead load the malicious DLL and not the legitimate one. Once the malicious DLL is loaded, the malware/hacker have access to do what they want on your computer.
Though, this is not the first we have heard about this vulnerability, the latest news has definitely fired off a storm of updates by software vendors to fix their applications. Unfortunately, this problem is not one that can be fixed by Microsoft as it will break far too many programs. Instead software vendors should follow the practices put out by Microsoft that explain how a program should specify the specific locations a program's DLLs should be loaded from. As numerous programs have not been following these policies, they need to update their programs to resolve these security issues.
Therefore, it is important that you make sure your computer has the latest updates for the programs that you use. A great tool for finding vulnerable and out-dated programs is Secunia PSI. A tutorial on how to use this program can be found here:Microsoft Security Advisory (2269637), which explains this vulnerability as well as provides methods and a tool that can be used to disable the loading of libraries from remote network or WebDAV shares. There is also an unofficial list of vulnerable applications here.
I suggest everyone use Secunia PSI and read the Microsoft advisory in order to properly protect your computer.