The vulnerability is a particular problem on Windows Server, as desktop versions of Windows are only affected if they are running a web server.
Microsoft has chosen not to wait until October's Patch Tuesday to release the update as the vulnerability is being exploited and there are attempts to bypass current mitigations.
According to Dave Forstrom, director, trustworthy computing at Microsoft, the update itself is fully tested and is being released through the Microsoft Download Center to allow concerned administrators and users to update their systems as soon as possible. Release is scheduled for around 10am on September 28 US PDST, or 3am on September 29, AEST.
Further testing is being carried out to check that distribution of the update via Windows Update and Windows Server Update Services will be successful, and the update should be pushed out through those channels "within the next few days".
Microsoft's security advisory concerning the issue is here.