MS has even written a patch for XP and 2003, so it seems like quite a serious vulnerability.
Quick workarounds to save people looking:
Block port 3389 at the perimeter, stopping unsolicited RDP inbound traffic
Enable Network Level Authentication on all RDP connections (means attackers need to authenticate, mitigating the vulnerability).
Then get the latest patches installed (*** Subject to your normal patch testing procedure, of course ***)
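
An added example, not part of the original post: a read-only PowerShell audit that reports whether a host has RDP enabled, whether NLA is required, and which host firewall rules allow the RDP port inbound. It assumes Windows 8 / Server 2012 or later (for the NetSecurity cmdlets) and an elevated session; it only sees the host firewall, so the perimeter block still has to be verified on the edge device.

```powershell
# Added example: audit the local host for the two workarounds (NLA, RDP exposure).
# Assumption: Windows 8 / Server 2012 or later, run from an elevated prompt.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = Join-Path $ts 'WinStations\RDP-Tcp'
$pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

# fDenyTSConnections = 0 means Remote Desktop is accepting connections.
$rdpEnabled = (Get-RegValue $ts 'fDenyTSConnections') -eq 0

# The listener port can be moved away from 3389, so read it rather than assume it.
$port = Get-RegValue $tcp 'PortNumber'
if (-not $port) { $port = 3389 }

# A Group Policy value, when present, overrides the local listener setting.
$nla = Get-RegValue $pol 'UserAuthentication'
if ($null -eq $nla) { $nla = Get-RegValue $tcp 'UserAuthentication' }
$nlaRequired = $nla -eq 1

# Enabled inbound allow rules that name the RDP port explicitly.
# Rules written as port ranges or "Any" are not expanded here; review those by hand.
$openRules = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' }

[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    RdpEnabled      = $rdpEnabled
    RdpPort         = $port
    NlaRequired     = $nlaRequired
    InboundAllow    = @($openRules.DisplayName) -join '; '
    NeedsAttention  = $rdpEnabled -and (-not $nlaRequired -or $openRules)
}
```

A host that reports `RdpEnabled = True` with `NlaRequired = False` is the case the second workaround addresses; setting `UserAuthentication` to `1` on the RDP-Tcp key (or via Group Policy) turns NLA on.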