Roger,

This is a topic you can debate for hours. I think this has been happening for several years: organizations don't follow proper patch and compliance management procedures, and when they get hit by viruses / worms - they know who to blame!!

After all, even if we go to buy a laptop, it only comes with a 2-year warranty - it doesn't give you the assurance of a lifetime guarantee of not breaking down.

I agree to a certain point that patch management is really hard to implement. Most organizations find it very hard to patch the servers / clients straight away as soon as a patch is released. There are heaps of reasons, but the more prominent ones are:

1) Change management - it has to go for testing, approval from change management team and so forth - which takes weeks to deploy that patch (in most cases)

2) Organizations hate rebooting their servers

3) Most of their applications are out-of-date and they are not sure whether this new patch will affect them or not.

This is a huge problem and the bad guys will continue to take advantage of this; alas, people will continue blaming Microsoft and vendors for not providing secure software.

Shoaib