
Emergency Microsoft Patch MS08-067 Issued, Exploit code in wild

The Patch:

Microsoft has released the patch through Windows Update.


Details:

"This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.

This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated Important for all supported editions of Windows Vista and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerability by correcting the way that the Server service handles RPC requests." - Microsoft

Affected Software

| Operating System | Maximum Security Impact | Aggregate Severity Rating | Bulletins Replaced by this Update |
|---|---|---|---|
| Microsoft Windows 2000 Service Pack 4 | Remote Code Execution | Critical | MS06-040 |
| Windows XP Service Pack 2 | Remote Code Execution | Critical | MS06-040 |
| Windows XP Service Pack 3 | Remote Code Execution | Critical | None |
| Windows XP Professional x64 Edition | Remote Code Execution | Critical | MS06-040 |
| Windows XP Professional x64 Edition Service Pack 2 | Remote Code Execution | Critical | None |
| Windows Server 2003 Service Pack 1 | Remote Code Execution | Critical | MS06-040 |
| Windows Server 2003 Service Pack 2 | Remote Code Execution | Critical | None |
| Windows Server 2003 x64 Edition | Remote Code Execution | Critical | MS06-040 |
| Windows Server 2003 x64 Edition Service Pack 2 | Remote Code Execution | Critical | None |
| Windows Server 2003 with SP1 for Itanium-based Systems | Remote Code Execution | Critical | MS06-040 |
| Windows Server 2003 with SP2 for Itanium-based Systems | Remote Code Execution | Critical | None |
| Windows Vista and Windows Vista Service Pack 1 | Remote Code Execution | Important | None |
| Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1 | Remote Code Execution | Important | None |
| Windows Server 2008 for 32-bit Systems* | Remote Code Execution | Important | None |
| Windows Server 2008 for x64-based Systems* | Remote Code Execution | Important | None |
| Windows Server 2008 for Itanium-based Systems | Remote Code Execution | Important | None |

"Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka 'SMB Buffer Underflow Vulnerability.'" - NIST

UPDATE: Microsoft has just released more information on this.

"We discovered this vulnerability as part of our research into a limited series of targeted malware attacks against Windows XP systems that we discovered about two weeks ago through our ongoing monitoring. As we investigated these attacks we found they were utilizing a new vulnerability and initiated our Software Security Incident Response Process (SSIRP). As we analyzed the vulnerability in our SSIRP process, we found that this vulnerability was potentially wormable on Windows XP and older systems. Our analysis also showed that it would be possible to address this vulnerability in a way that would enable us to develop an update of appropriate quality for broad distribution quickly. Based on those two factors, we felt that it was in the best interest of customers for us to release this update before the regular November release cycle. We also have detection for the malware we found used in attacks exploiting this vulnerability (TrojanSpy:Win32/Gimmiv.A and TrojanSpy:Win32/Gimmiv.A.dll) in the signatures the MMPC is releasing today and are sharing that information with our partners." - MSRC

UPDATE 2: Microsoft is providing more details in the webcast linked below under Additional Reading.

UPDATE 3: More detail is available about MS08-067, the out-of-band netapi32.dll security update.

UPDATE 4: Exploit code for this vulnerability has been published on milw0rm.

Additional Reading:

Microsoft Webcast: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032393978&EventCategory=4&culture=en-US&CountryCode=US
MSRC Details: http://blogs.technet.com/msrc/archive/2008/10/23/ms08-067-released.aspx
Microsoft Alert: http://blogs.technet.com/msrc/archive/2008/10/22/advance-notification-for-out-of-band-release.aspx
NIST Details: http://web.nvd.nist.gov/view/vuln/detail;jsessionid=a5fe3ed14945005c4adc2b12c6d2?execution=e1s1
Bulletin Details: http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx

Comments


Malware protection center article says you'd be vulnerable if you enabled "File Sharing" service over the network...
