Cut my feet off, too!

Well, someone has come up with the exploit code for the Sendmail buffer overflow vulnerability. How long until it's included in a worm? How long before people are serious enough to patch their systems?