If you are directly connecting it with a public IP address, then it will be compromised, probably within hours.
Tests have been done that show that if you do a fresh WinXP install from disk and put it unprotected on the internet to download all the important updates, it'll be compromised before it's finished downloading them. I think it's reckoned to be under an hour before something will attempt to scan it.