Exploit code for this vulnerability is publicly available, and active exploitation is occurring in the wild.
Exploitation of this vulnerability does not require any user interaction. The systems most at risk are workstations and servers that allow access to the Server service through host-based firewalls. All systems carry the same risk, regardless of the affected operating system, because the Server service on each affected version runs with SYSTEM privileges.
The update available from Microsoft corrects this vulnerability by properly limiting message lengths before they are used in memory operations. This update addresses new vulnerabilities and does not protect systems from the issues detailed in MS06-035. Thus, administrators are advised to apply the updates from both bulletins.
Malicious code that may exploit the vulnerability is in the wild. Currently, there are few reported cases of infection; however, the rate of infection may rise as new variants are released. IntelliShield is reporting on the malicious code as W32.Wargbot in Alert 11520.