Running Symantec Mail Security for SMTP? Stop what you're doing and download the patch (patch 176 at the time or writing).
Seems like a craftily-crafted incoming message can cause a buffer overrun. This may lead to code execution. [Update: Symantec now confirms that they see no chance of arbitrary code execution, merely denial of service.]
Currently being exploited. The code in question tries to infiltrate a Microsoft SQL Server, presumably in order to steal passwords. Another good reason to segment your servers so that they each have a single role; perhaps using virtualization.
Of course, a patch for this bug has been available for eight months, but that doesn't seem to have stopped exploits causing some trouble over at Turner Broadcasting System.
So run: don't walk. More at US-CERT.