In a futile attempt to catch up on my news feeds, I see HD Moore had a very detailed post dealing with SMB relay attacks and the MS08-068 patch. HD gets to the meat towards the end:
“The patch does NOT address the case where the attacker relays the connection to a third-party host that the victim has access to. This can be accomplished by setting the SMBHOST parameter in the Metasploit smb_relay module to a third-party server. There are many cases where this is useful, especially in LAN environments where various tools authenticate to all local hosts with a domain administrator account (vulnerability scanners, inventory management, network monitor software, etc.).”
Maybe I still have a disconnect, but it still seems like this should be a huge concern, at least for an enterprise or even a small but important trusted LAN. I think the hardest part might just be getting a user to initiate that first connection, or an automated device to initiate it (which might not be so hard these days as we have more and more automated tools ‘finding’ the devices on our networks on their own).