Personally, I'm tempted to set up my firewall to NAT incoming requests on port 135 to either www.metasploit.com or www.xfocus.org. I know this is the full-disclosure list, but working exploit code for an issue this huge is taking it a bit far, especially less than 2 weeks after the advisory comes out.
IMHO releasing the exploit is ethical and legal.
The root of the problem is m$, they should take responsibility for the worms.
IIRC the m$ EULA states something like "the product is not fit for any purpose". So the exploit is consistent with the m$ EULA, I can't understand why you whine.
btw, Terry Pratchett has very good writings on IT EULA's and practices - check "Good Omens" and a disc world book mentioning a disorganizer.
georgi
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
