Microsoft reported on its Exploitability Index, which is calculated for each patch released, that there is a high likelihood of "consistent exploit code" for the WINS vulnerability on Windows 2000 Service Pack 4. For the other affected platforms, Windows Server NT and 2003, Microsoft said that "inconsistent exploit code" was likely.

Eric Schultze, CTO for Shavlik Technologies, said last week that the WINS issue "is an unauthenticated server-side attack --  the bad guy simply points and shoots some packets at the WINS server and they can execute code of their choice on that server." He noted, however, that the attack is most likely to come from inside a user's network because the necessary port --  Port 42 -- to execute the attack is usually blocked at the Internet firewall.

Regardless, his recommendation was to "patch this right away on your WINS servers."

Andrew Storms, director of security operations for nCircle, also said last week that the WINS vulnerability could become a "potential worm vector."

Follow John on Twitter: twitter.com/johnfontana