In October 2008, Microsoft issued a Security Bulletin and a Patch for Windows as MS08-067 describes.

Windows 2000 SP4, Windows XP and Windows Server 2003 fixes carry a Critical rating, whilst for Windows Vista and Windows Server 2008, an Important rating.

In November 2008, a worm known as Conficker or Downadup was discovered that exploits this vulnerability. Machines that have not been patched could be susceptible to being infected, and Conficker.D is expected to become effective 1 April 2009

Further information can be found on Microsoft Security Response Center and Microsoft Malware Protection Center

Have you patched your systems? If not, do it now. The fix has been publically available for 6 months already!