They struck again yesterday. Another server was exploited with an unpatched buffer-overflow and they managed to get very deep into the system. Definate evidence of a password-hash grabber, and a likely key-stroke logger as well. With that info, we ended up changing our admin passwords on all Windows machines. A large undertaking.
In other news, Microsoft has released v1.2 of their Baseline Security Analyzer.