Interesting discussion, I have tested this exploit in a controlled environment. It is far too easy to get access. Their is a threat noone has discussed. Firewalling will keep the external threats out, but what about the joker who is employed at your company, who is already on your network. It only takes one to escalate their privelages (spelling?) and steal your company database or .......you get the picture. System Administrators need to patch all their systems regardless of their external presence.