Doug Pearson of REN-ISAC just sent an announcement to the public EDUCAUSE security listserv that MS09-039 is actively being exploited in the higher education arena.

The message confirms earlier speculation by the Internet Storm Center that exploits for the WINS vulnerability are live on the Internet and spreading.

On interesting item in the REN-ISAC bulletin in the explicit warning not to just rely on perimeter firewalls for protection as successful WINS server compromises have been seen originating from inside the organization.

Once again: it is time to patch, block, or disable unused services.