There is a new windows vulnerability that effects all versions of windows including older versions like windows 2000, NT, XP SP2 are no longer receiving updates from Microsoft due to them no longer being supported.
User does not have to run a file to trigger this type of worm. Simply having a files icon displayed will trigger the malicious code. Even displaying a favicon icon that is from opening a website can trigger the malicious code to run on the users computer.
Hopefully microsoft will jump on this quick and release updates for even those older versions of windows that no longer recieve updates.
basically all windows users right now are vulnerable and can be infected via USB, network share, websites, etc...