Microsoft declined to elaborate further about the red-lettered warning or why it decided to debut the feature.
From comments made by other security analysts, the in-your-face alert was justified. "This is remotely exploitable," said Jonathan Bitle, product manager at security vendor Qualys. "We've seen this service exploited before with other worms, so it's definitely a concern."
Although large-scale worm attacks are almost a distant memory -- MSBlast, for instance, which exploited a similar Windows bug, broke three years ago this month -- Bitle said a worm attacking the newly disclosed vulnerability was certainly possible. "There could be code out and available as we speak," he said. "It might be on the Web somewhere, though we haven't seen any yet."
The SANS Institute's Internet Storm Center made mention of impending threats, too. "[There has been] a lot of speculations about a possible worm," wrote Johannes Ullrich, the chief research officer for the ISC, on the organization's site. "But then again, worms are so 2004."
"Criminals are in business to make money, and they'll try anything to get into your machine," said Symantec's Martin. "If they think this will work, they'll use it."
Microsoft offered alternatives for those who couldn't immediately deploy the patch, including blocking TCP ports 139 and 445 at the firewall.
"You should also watch the network traffic," advised Patrick. "If your security software is up to date, it should be able to spot the 'fingerprint' of the attack in the packet traffic."
Also on Tuesday, Microsoft posted a document to its support site that offers guidance on what update mechanisms can be used to deploy the August patches, including the one spelled out for MS06-040. The ISC urged enterprise users to turn to the document if they had trouble installing the fix.