Probably: [security-focus.com...]

Multiple vendors are prone to an information disclosure vulnerability when running on Hyper-Threading (HT) processors. This issue is due to the shared memory cache associated with the virtual CPUs in an HT-capable CPU.

This vulnerability allows local attackers to obtain sensitive information that can lead to privilege escalation.

The issue affects certain operating systems when running on HT-enabled processors. The operating systems must be operating with multi-processing enabled for this vulnerability to be exploitable. True dual-core CPUs that do not share caches across CPUs are likely not affected by this issue.

If you're using a dedictaed machine as a web server that's only running 'your' or other trusted code, leaving it on isn't a problem. On a shared box, when you don't know what anyone else on the box is up to, it depends on how secure your data needs to be. I wouldn't leave HT on when processing CC payments on a shared machine.

The HT exploit is a 'local' exploit, i.e. you need to run special code on the machine.