Well, I have a special situation when it comes to computers on the LAN. They have to be what we call secure trusted workstations (if there really is such a thing that is networked!) I can't go into much detail, let's just say they are used to process intelligence, and anything else is classified, so that's about all I can say.
I am gonna call bullshit on this.

Windows is not approved (nor does it even have the tools) to process multi-level data, which means that all systems would have to be at the same level. This means that it pretty much doesn't matter what workstations you connect since there are no labels to be maintained. Not only that, but Windows' security policy is too anemic to prevent data from being exported beyond the system. (no "email", "print", or per object NIC access controls)

Additionally MBSA or some similar (TFM supporting) tool would be require to ensure that all systems are sufficiently current and configured correctly all from a central point.

Seriously though, If you have a better NetBIOS exploit example, I wouldn't mind seeing at least a synopsis of what, how, why it works.
The specifics of a given exploit are not needed in this thread. Suffice to say, file sharing, like any service especially any superflous services merely increases the system's exposed surface, requiring greater effort on the system custodian to maintain the system in a secure manner.

A lot of users like to try and discuss very specific exploits and fixes, unfortunately this linear analysis doesn't address unknown vulnerabilities. People need to learn to look at security more thematically (removing unneeded services rather than patching them / place subjects in compartments rather than auditing the code)

cheers,

catch