The Microsoft blog notes that Microsoft is tracking a proof-of-concept exploit that targets the Client Server Run-Time Subsystem (CSRSS). The blog states that initial indications are that an attacker needs to be authenticated before being able to take advantage of it. The issue affects Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and Windows Vista.
...The vulnerability is caused due to a double-free error in the handling of HardError messages within WINSRV.DLL...