These security holes, according to ISC-CERT, are of the worst possible kind. They can be exploited remotely and exploits are already publicly available. Adding insult to injury, ISC-CERT added, "An attacker with a low skill would be able to exploit these vulnerabilities."
All NTP Version 4 releases, prior to Version 4.2.8, are vulnerable and need to be updated to Version 4.2.8. Unfortunately, the NTP site, as of 5 PM Eastern time, has been going up and down. It's not clear if this is the result of heavy demand, a DDoS attack, or some other unrelated cause.