This marks that Microsoft has released a fix outside of its normal Patch Tuesday cycle; it was sparked by lessons learned from worm epidemics like Blaster and Slammer, which cost users billions of dollars to disinfect in 2003.
Though the new hole is a huge risk, protections put in place since the worms surfaced make another epidemic far less likely. Most important is Windows XP's default-on Windows Firewall: A worm crafted to attack the new flaw would have to establish an external connection, which firewalls usually block. If a PC has no firewall, however, or if it is set up to permit file sharing and an attack comes from an infected PC on the same network, the conquering worm could take over the targeted PC. Business networks, which typically have many PCs configured for file sharing, are thus at high risk.
Windows Vista and Windows Server 2008 have mitigating factors that reduce the risk from "critical" to "important," as rated by Microsoft. The company distributed the fix via Automatic Updates, but alternatively you can . That page also provides further information on the situation.
IE Fixes, Too
On its regular Patch Tuesday schedule, Microsoft supplied fixes for six bad holes in Internet Explorer, underscoring the need to upgrade to IE 7 as soon as possible.