That's a given. What needs to be done in a lab environment is some heavy duty penetration testing against all the affected Win server vers. which I believe is the entry point to try an find an inbound access point unknown vulnerability.