I sat through a presentation on this yesterday and there's no doubt that the SMB is the biggest security threat this year. NT is almost definitely vulnerable in theory, as well as XP/2000/2003.

The only good thing is that it is extremely difficult to exploit the vuln to run arbitrary code. However, the analyst said that there *are* people who will probably be able to do it. However, creating a DoS attack based on the flaw is much easier.

In any case, once a POC (proof of concept) is released it will probably be only a couple of days before it finds its way into some malware. Of course, if that POC runs arbitrary code then we have a very serious problem indeed.

REMEMBER: Although a firewall will mitigate the problem, you will only be protected until either some luser brings an infected laptop into your organisation, or some virus or other malware drops an exploit in after being delivered via email or a browser vulnerability.

So.. patch patch patch patch patch.

Incidentally, for NT servers the eEye Blink product might offer some protection. I'm certainly going to have a look at that product in the next couple of days.