critical security update that was released last week, if you haven't already - see Security Bulletin MS08-067 for download links (click on the name of your version of Windows e.g. (direct links:) Windows XP Service Pack 3 or Windows Vista and Windows Vista Service Pack 1, to get to the download page for your operating system version).
There's already malware out there called Gimmiv.A which will send your system information and certain passwords stored on your system (e.g. Outlook Express) to the bad guys.
But potentially it's worse than that - as Microsoft put it, the security vulnerability "could allow an unauthenticated remote attacker to compromise your Microsoft Windows-based system and gain control over it".
So go patch your system immediately by downloading and running the MS08-067 security update, if you've not done it yet.
(Via Heise Security who have more links e.g. to a post showing what Gimmiv.A does.)