As of Thursday, November 28, an advisory has been issued by Microsoft for a zero day vulnerability in Windows XP that is being exploited. No fix/patch has been issued by Microsoft at this time. The vulnerability exists in the Windows Telephony API. The URLs below do provide some suggestions on modifying the registry to prevent the exploit. However, the modification is likely to break the operation of VPN connections. Only one virus definition has been identified as of this time. And the Sophos AV product has a signature for the malware. This should be just another wake-up call if you’re on Server 2003/windows XP to begin your migration efforts to newer products now.
Some URLs that provide more details include: