The issue can be exploited via USB drives, network shares, and WebDAV. It does not use the AutoPlay feature.
Microsoft has suggested three workarounds while a permanent fix is being developed: a registry change that disables the display of shortcut icons, disabling the WebClient service, and using a network firewall or similar to block the download of LNK and PIF files from the Internet.
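The third workaround, sketched as an added example (not code from this article or from Microsoft): a gateway-side check that flags a download as a shortcut file by URL extension, by `Content-Disposition` filename, or by the Shell Link header at the start of the body. The function names and sample inputs are constructed for illustration; PIF files are matched by name only, since this sketch assumes no reliable signature for them.

```python
import re
from urllib.parse import urlsplit, unquote

BLOCKED_EXT = (".lnk", ".pif")

# A Shell Link (.lnk) file starts with HeaderSize 0x0000004C followed by the
# LinkCLSID 00021401-0000-0000-C000-000000000046 in little-endian GUID layout.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")


def _has_blocked_ext(name):
    # Windows ignores trailing dots and spaces in file names, so strip them
    # before comparing; the comparison is case-insensitive.
    return name.lower().rstrip(". ").endswith(BLOCKED_EXT)


def should_block(url, content_disposition=None, body_prefix=b""):
    """Return a short reason string if the download should be blocked, else None."""
    # 1. Extension in the URL path (percent-decoded, query string ignored).
    path = unquote(urlsplit(url).path)
    if _has_blocked_ext(path):
        return "url-extension"

    # 2. File name offered by the server, which may differ from the URL.
    if content_disposition:
        m = re.search(r'filename\*?=\s*"?([^";]+)', content_disposition, re.I)
        if m and _has_blocked_ext(unquote(m.group(1))):
            return "content-disposition"

    # 3. Content sniffing: a renamed .lnk still carries the Shell Link header.
    if body_prefix.startswith(LNK_MAGIC):
        return "lnk-magic"
    return None


if __name__ == "__main__":
    # Constructed sample requests, not taken from real traffic.
    samples = [
        ("http://files.example/share/readme.pif?x=1", None, b""),
        ("http://files.example/get?id=7", 'attachment; filename="Invoice.LNK"', b""),
        ("http://files.example/get?id=8", None, LNK_MAGIC + b"\x00" * 8),
        ("http://files.example/doc.pdf", None, b"%PDF-1.4"),
    ]
    for url, cd, body in samples:
        print(url, "->", should_block(url, cd, body))
```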
The vulnerability is being exploited in conjunction with the Stuxnet malware, which is now blocked by most, if not all, security products.
Microsoft has now released an automated 'Fix It' to suppress the display of shortcut icons. The Fix It works on Windows XP, Vista, Windows 7, Server 2003, and Server 2008.
The Fix It is not without its problems - see page 2.
According to Symantec, Stuxnet is a high-quality rootkit initially seen most commonly in India, Indonesia and Iran. Part of its function appears to be to access SCADA (supervisory control and data acquisition, i.e. industrial control) systems, leading to suggestions that the motivation might have been commercial or state-sponsored espionage, or terrorism.