It has apparently been reported by Microsoft that a few exploits had been seen, and that the existence of attempts to infect was a factor in the decision to make an out of schedule release of the patch.
Additional information in this article:
1. This vulnerability is protected by most firewalls, so any original infection (behind a firewall) must be via "social engineering."
2. Once any machine behind a firewall is infected, the exploits seen thus far can spread between machines on a local network (LAN) where individual computers often do not have individual firewalls.
3. The worm embedded in infected machines has thus far been intended to collect personal information on users, such as passwords and account and credit card information.
4. Instructions for how to exploit the vulnerability have been published on "hackers website(s).
5. Network traffic scanning for vulnerable computers has increased by 25% in the past couple of days. Vulnerable computers are those a.) not behind firewalls and b.) without the patch.
6. Infected machines can be assimilated into botnets controlled by whoever gets an exploit onto the machine.
7. The article does not make clear whether a LAN server can be infected by an infected machine behind the server firewall, but this seems to be implied by descriptions of the vulnerability.