This vulnerability affects systems running the License Logging Service, which is used to manage licenses under a Client Access License (CAL) licensing model. As a result, it does not run on workstation operating systems. Further, domains that are not licensed under a CAL model, or servers in a domain that are not running the service, are not affected.
Microsoft engineers blogging on the Microsoft Security Research and Defense blog have suggested that reliable exploitation of this vulnerability for remote code execution will be difficult to achieve: Details on the License Logging Service Vulnerability
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the November 2009 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for November 2009
Microsoft has corrected this vulnerability by validating string lengths in RPC calls to the service.