Microsoft has released a patch today for all editions of 2000, XP, Server 2003, Vista and Server 2008. Microsoft recommends that customers apply the update immediately.  It is important enough for Microsoft to release this as an extra update, rather wait for the usual 2nd Tuesday of the month.
You can read about it here: http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx
According to http://www.dshield.org/diary.html?storyid=5227 Microsoft have already detected limited, targeted attacks exploiting this flaw in the wild.