The flaw was reported to Microsoft in 2008, and ever since, Microsoft has been working to get a fix out. At least, that's what the security researcher who actually discovered the flaw said. He explains that the nature of the flaw is one that makes it difficult to fix. "The actual mechanics of the vulnerability aren't standard and that's kind of what took Microsoft so long," he said, "They were definitely working diligently to fix the problem. It was more the nature of the flaw that took so much time."
Apparently, Microsoft agrees with this viewpoint (surprise). "Not every issue is the same as far as the level of work we need to do to be comprehensive in making sure we fix not just the issue reported to us but any similar issues," Microsoft's Mike Reavey, director of the Microsoft Security Response Center, said, "If we release an update that breaks apps it doesn't protect anybody because they won't install it."
A temporary fix is out now, so if you're running Windows XP or Windows Server 2003, go to this page and click the big fix it button.