Last weekend's Slammer worm turned machines running unpatched Microsoft SQL Server that were net-accessible into zombies that unleashed torrents of bogus packets on random hosts, busying-out big chunks of netspace for hours. The techy response was predictable: "What kinda idjit runs a MSFT server product without applying all the patches? And worse, what kinda idjit makes that machine available from the public Internet?"
Microsoft, it turns out. MSFT's own network was riddled with infected servers, which made it especially hard for affected sysadmins to get themselves a copy of the patch.
"This shows that the notion of patching doesn't work," said Bruce Schneier, chief technology officer for network protection firm Counterpane Internet Security. "Publicly, they are saying it's not our fault, because you should have patched. But Microsoft's own actions show that you can't reasonably expect people to be able to keep up with patches."
(Thanks, Bruce!)