I'm currently playing around with a windows 2003 SP1 box. No further patches beyond SP1. No firewall.
Using backtrack4 fully updated.
It's weird, nessus says there's 5 High Risk vulnerabilities(ms08-067, ms09-001, ms05-027, ms06-040, and ms06-035),
but it seems like none of the exploits work. Using either metasploit manually or with fasttrack.

I'm wondering if anyone else has the same experience.
Is Windows 2003 SP1 without any patches that safe?