I went through the same ordeal with MS about a week ago. I reported an old ass vulnerability, gave them 2 or so weeks to do something and got nothing. I released it to Bugtraq and had a few piss ants bitching that I wasn't reponsible with my disclosure.

Anyway, rant over.

I tested this too and scripted it with TCPReplay and BLAMMO, all W2K3 servers (fully patched) in my rack were locked dead through the actions of a PII linux lappy. Gotta love it.