The ISC is reporting that there's some exploit code available for MS04-22. But I have to admit that I'm still scratching my head on understanding the nature of this security vulnerability.

I've re-read the MS bulletin several times and despite warnings of "remote code execution" it seems to me that the only way of infecting a machine is to send a specially crafted .JOB file to the target PC, presumably via email or some other mechanism. In which case, surely the exploit for this is basically a standard email-based virus rather than a Sasser/Blaster-like worm?

And if the only way to infect a machine is to send a .JOB file through email, then surely a quick and easy defense is to block .JOB files on your mail system? Yes, I know you should patch systems with the relevant KB841873 update but like a lot of real-world organisations it's hard to get 100% of systems patched and secured.

So am I misunderstanding the potential attack vector for MS04-22, or is it really not as bad as some of the reports suggest?

Incidentally, Foundstone have a scanner for this vulnerability here .