InfoWorld reports that Apache 2.0.40 has been released to fix a vulnerability similar to the one that Code Red, Code Blue and Nimda exploited with IIS. UNIX versions are unaffected. (This must be what the Apache group meant when it said that Apache 1.3.x was "not ready for production use on Windows.")