"We'll see proof-of-concept code that takes over the system within 48 hours," Murray said.
"It's only a matter of time or luck before this turns into the scale of MSBlast. Essentially, every Windows system is vulnerable. This is one of those worst-case 'pull the plug on the Ethernet cable' events."
Early Thursday, Christopher Budd, security program manager at Microsoft's Security Response Center (MSRC), affirmed the company's patch-now stance on MS06-040. "We've got our Emergency Response process teams watching for any possible malicious activity," wrote Budd on the center's blog. More than 100 million copies of the MS06-040 patch were downloaded in the first 30 hours after its Tuesday release, he added.
The next two to four days should tell the tale of the bug.
"It's very important to patch right now," said Dunham, "because most exploits are developed in the first week after the vulnerability is disclosed. If not by then, then four or five days later, but by then most people are patched."
"This is the real thing," said Murray. "It's not a false alarm."
The Windows 2000, XP, and Server 2003 patches for the MS06-040 Server service flaw can be obtained via the Microsoft Update and Windows Update services, or directly from Microsoft's download site. Additionally, on Wednesday eEye Digital Security posted a free-of-charge tool that scans networks and their Windows systems to identify those still at risk; it can be downloaded from eEye's site.