There's a fairly low-key but worrying bit of malware exploiting this at the moment: http://voices.washingtonpost.com/sec...exploitin.html

Don't been fooled into thinking that a worm exploiting MS08-067 will be just like the ones we saw a few years ago - there are several different ways that a client could get infected with a dropper that will then go off to scan and exploit a network normally protected by a firewall. You could simply add the dropper as a module to a typical drive-by download attack, for example.

POC code has been around for a few days, it clearly is possible to exploit this and the patch has been pretty comprehensively reverse engineered by researchers (and presumably also the bad guys).

If you're running a corporate network, then you should assume that you will eventually get hit by an MS08-067 based worm despite any countermeasures that you have in place. So patch now.