We have a client who literally will not apply a patch unless a PoC is publicly available. There of course are many issues with this, but that's a conversation for another time

Anyone seen a legit PoC for MS08-001 yet? I know CANVAS already has a plug-in for this issue, which is usually a sign that a public PoC is floating around somewhere.

I get the feeling they only want to protect themselves from script kiddies?
Unfortunately many in corporate America and some white collar admins dont have a clue when it comes to the underground.  I recommend anyone serious about security at least make some effort to understand the darker side and that doesn't mean just learning a few tools hackers use.  Years ago I used to spend a lot of time in IRC channels before they got totally over run with noobs and that was a good way. You can still find your way to some skilled people but you really have to be patient now.  Honeynets are good but you do catch a lot of small fish! I think its a mistake of the honeynet community when I read a generalization about black hats being lazy or script kiddies, because thats the majority of what we catch. Then again I would agree if we included that group, yes they would be the vast amount out there, but I am not really worried about that segment any way.   Amazing how even a poorly configured firewall thwarts them.  My point is , it would be wrong to dismiss the entire community as that.  I remember seeing about 5 years ago the authors of Hacking Expose in an interview say that there at least 10 exploits being traded by serious Black Hats that Microsoft was not aware of and had no patches.

You need to patch everything possible and then you still wont be protected because there are exploits that the white hat community is not aware. I believe as pentesters our job is to educate and if can do a good job of scaring the hell out of our client the better. If you go in like a cold robot and speak that way then you will be dead in the water. Give them the true facts but qualify it with the true possible out come of a breach. So policies need to be in place for damage control. Thats the reality. Now if this is a low level target then I would not be that concerned, but if it would be a major financial gain to hack the data, then obviously every possible breach needs to be identified and dealt with.   

Any way, I will look in my bag of goodies and see if I have a poc, if not maybe if I have time and its not too much work I can put one together and send it to you.