"Patch yesterday folks. So far we're aware that an MS05-051 exploit is in the hands of immunitysec Canvas customers - 'October 11, 2005: MS05-051 (MS DTC) Trigger for the bug in MS DTC on Windows 2000'"
2nd day exploits for Microsoft's October updates (details here).
As I was posting this, they updated the info especially for MS05-051 for Win2K:"The obvious thing is to apply patch MS05-051 on at least your Win2k systems. We do know the port 3372 scanning started in full force, likely in order to acquire target lists. If you can't patch, at least make sure port 3372 is closed. Windows 2000 does not come with its own host based firewall. But you can use IPSec policies to acchive the same effect. See this paper by David Taylor for details."