The flaw in question, outlined in Microsoft Security Bulletin MS06-040, when successfully exploited could allow an attacker to take complete control of an affected system. The authors of Cuebot-L and M have successfully utilised this, and have given the worms the ability to spread via AOL Instant Messenger.
When one of these worms is successfully installed, it turns off the Windows Firewall and opens a backdoor allowing a malicious attacker to gain access to and control over the system. Microsoft is strongly urging users to install a patch for MS06-040.
"Microsoft is once again in the difficult situation of trying to convince its customers that Windows is becoming more secure, despite this onslaught of malware designed to exploit its vulnerabilities."
"As always, users are encouraged to take the necessary steps to ensure their PCs are properly protected with up-to-date security patches, antivirus software and a firewall as soon as possible."