"Yes, the vulnerability is remote code executable," said the manager of Qualys' vulnerability research lab. "But I don't think they're trying to downplay it. WINS is not really needed anymore, unless you have some really old software, like SQL Server 2000."

Carey, Storms, Miller and Sarwate all believe that attackers will focus on the WINS vulnerability.

"This is a big deal," said Carey. "There's not an active exploit for this as far as we know, but if attackers are on the top of their game, they could have one in a week or less."

Carey said that hackers could use fuzzers -- tools that hammer at an application looking for a weakness -- to quickly locate the flaw in WINS. "We think it will be easy to do, and that they'll figure it out quickly," he said.

The most likely attack would not be against a Windows Server directly, but against a desktop or notebook PC within the network, Carey continued. "They could exploit a client [with another vulnerability] then pivot the attack to the server," he said. Once a hacker compromised a Windows Server system, he could pillage the machine for confidential information, account log-in credentials and the like.