http://isc.sans.org/diary.php?date=2004-04-15
Dave Aitel of Immunity Security has stated publicly that they have released working exploits of two vulnerabilities patched by MS04-011 to their CANVAS customers:
http://lists.immunitysec.com/pipermail/dailydave/2004-April/000500.html
The LSASS.EXE vulnerability can be exploited to run arbitrary code with system privileges on vulnerable servers. eEye Digital Security has more details and also confirms the ability to run arbitrary code with system privileges using this vulnerability:
http://www.eeye.com/html/Research/Advisories/AD20040413C.html
Immunity’s claim that they have a working ASN.1 exploit has not been directly confirmed, but we have several anonymous confirmations that working exploits exist.
IT IS IMPERATIVE THAT THE PATCHES PROVIDED BY MICROSOFT IN ITS APRIL SECURITY RELEASE BE APPLIED TO SYSTEMS AS SOON AS POSSIBLE. It is our belief that the likelihood of a worm being released SOON that exploits one of the vulnerabilities addressed by these patches is VERY HIGH.
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx is the MS bulletin.
You’ve been warned. Get your stuff patched ASAP.