Microsoft has released the update, MS08-067, which will soon hit Windows Update as well. My source told me this was an SMB flaw, but he was only partly right.
The vulnerability lies with the Windows Server service, and more specifically with Microsoft's implementation of "remote procedure call" (RPC), a communications technology deeply embedded in the Windows operating system that allows a program to execute another process on a remote system. RPC vulnerabilities are extremely dangerous, as they can be used by a computer worm to spread malicious software to machines on a network with lightning speed. The infamous "Blaster worm" that attacked Microsoft and infected millions of Windows PCs in Aug. 2003 is probably the most recognizable example of malware exploiting an RPC flaw.
Microsoft does not release these so-called "out-of-band" updates lightly. I would highly recommend applying this patch as soon as possible, either by visiting Windows Update or enabling Automatic Updates. A quick scan with Windows Update on my Vista system offered the patch, which installed without incident (requires a reboot).