Excerpt from a news report I received the other day:With little warning, Microsoft released yesterday an unscheduled or "out-of-cycle" patch for a highly critical vulnerability that affects all versions of Windows. Security bulletin MS08-067 (patch 958644) was posted to warn of a remote-code attack that could spread wildly across the Internet.
Microsoft says it found evidence two weeks ago of an RPC (remote procedure call) attack that can potentially infect Windows machines across the Net with no user action required.
Windows Server 2003, 2000, and XP (even with Service Pack 2 or 3 installed) are particularly vulnerable. Vista and Server 2008 gain some protection via User Account Control, data-execution protection, and other safeguards, as explained in an article by Dan Goodin in the Register.
If you haven't patched in a while, now might be a good time.