PC Magazine reports in this article that the Bagel worm exploits the vulnerability talked about in Microsoft’s MS03-040 update without requiring the user to do anything other than view the email, even in a preview pane.. If you haven’t applied the update, do it now or switch to an email client like Thunderbird or Mulberry or PINE.