The Patch:

Microsoft has released the patch to windows update.

Details:

"This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.

This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated Important for all supported editions of Windows Vista and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerability by correcting the way that the Server service handles RPC requests. " - Microsoft

Affected Software

"Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability." - NIST

UPDATE: Microsoft has just released more information on this.

"We discovered this vulnerability as part of our research into a limited series of targeted malware attacks against Windows XP systems that we discovered about two weeks ago through our ongoing monitoring. As we investigated these attacks we found they were utilizing a new vulnerability and initiated our Software Security Incident Response Process (SSIRP). As we analyzed the vulnerability in our SSRP process, we found that this vulnerability was potentially wormable on Windows XP and older systems. Our analysis also showed that it would be possible to address this vulnerability in a way that would enable us to develop an update of appropriate quality for broad distribution quickly. Based on those two factors, we felt that it was in the best interest of customers for us to release this update before the regular November release cycle.We have also have detection for the malware we found used in attacks exploiting this vulnerability (TrojanSpy:Win32/Gimmiv.A and TrojanSpy:Win32/Gimmiv.A.dll) in the signatures the MMPC is releasing today and sharing that information with our partners." - MSRC

UPDATE 2: Microsoft is providing more details at the webcast below.

UPDATE 3: More detail about MS08-067, the out-of-band netapi32.dll security update

UPDATE 4: The exploit code has been published on milworm.

Additional Reading:

Microsoft Webcast: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032393978&EventCategory=4&culture=en-US&CountryCode=US

MSRC Details: http://blogs.technet.com/msrc/archive/2008/10/23/ms08-067-released.aspx

Microsoft Alert: http://blogs.technet.com/msrc/archive/2008/10/22/advance-notification-for-out-of-band-release.aspx

Nist Details: http://web.nvd.nist.gov/view/vuln/detail;jsessionid=a5fe3ed14945005c4adc2b12c6d2?execution=e1s1

Bulletin Details: http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx