The fact that most enterprise networks block the exploitable ports (139/tcp and 445/tcp) helps mitigate the risk associated with this vulnerability. Allowing unfiltered inbound access to systems on these ports can allow for a misuse of production systems. Administrators should consider blocking untrusted networks accessing these ports.
Administrative users can remotely access the PnP service on Windows XP SP2 and Server 2003 machines. Due to the privileges imparted on administrators, exploitation of the issue in this manner is unlikely.
Administrators are advised to apply the appropriate updates during the next scheduled patch cycle. Windows 2000 systems accessible via untrusted networks or by untrusted users should apply the appropriate update
as soon as possible.
Exploit code is available for this vulnerability, and may increase the likelihood of an attack.
Reports indicate that malicious code exploiting this vulnerability has been found in the wild. Currently infection rates are low, but as new variants of the worms are produced the infection rate may increase. Cybertrust is reporting on the Zotob worm in alert 9591 and Sdbot in alert 4917.
Only Windows XP systems that are not members of a domain can enable Simple File Sharing.