The various announcements are linked in my blog post. This update is particularly critical for anyone operating Windows XP.
http://securitygarden.blogspot.com/2008/10/out-of-band-critical-update-ms08-067.html
The same, but this time an explanation for the less technical amongst us
http://www.theregister.co.uk/2008/10/23/emergency_windows_update/
Don't delay, get this update today!
I got mine early on and had no problems at all with the install it went smoothly.
From the Technet blogs (http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx)
QuoteMost perimeter firewalls will block exploit attempts from outside your organization
If you are behind a perimeter firewall that filters inbound connections to TCP ports 139 and 445, you will not be reachable from the Internet. This is a common home user scenario. In this scenario, only the machines in your local LAN will have the ability to exploit this vulnerability.
However, it is expected that malware writers will be actively attempting to exploit this vulnerability, please apply the update asap.
Quote"This vulnerability is pretty nasty," said Miller. "It affects every version of the Windows operating system. Attackers don't need to have any credentials or access to the machine. They don't have to trick the user into doing anything."
His biggest fear, he said, is that a worm will be developed to take over vulnerable machines en masse. And he fully expects that to happen. "You're talking about a vulnerability that does not need user interaction," he said. "That's a gold mine if you're trying to build a botnet."
Echoing Budd's call to action, Miller advises everyone to apply the patch immediately. "Normally I'll tell people you should test the patch," he said. "On something like this, I would definitely just deploy it as soon as possible."
http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=211600270
Further information on this one from Juha-Matti Laurio of Securiteam
http://blogs.securiteam.com/index.php/archives/1150
QuoteQ: Is the exploit code of this vulnerability publicly released?
A: Yes. On Friday 24th October the proof of concept code was released on a blog of security researcher. The PoC has been released at several well-known exploit and security community Web sites too.