I was reading this article and it reminded me of a few things. Sometimes when sitting in the Microsoft camp we say how good / bad others are at security, but rarely reflect on what people need to do and why. When there is a known issue with a package, I suspect many don't go to a test environment and pull the patch apart, many just do a quick test on 1 pc and then deploy wider. Obviously SBS 2003 R2 makes this process easier as you can now control the deployment and retraction of patches via the console. It also reminds me that it a patch is needed, it is really a mute discussion on how many issues it fixes, reboots or any other aspect - if your systems are vulnerable, you need to patch of mitigate. To do neither is inviting huge issues - and I have seen plenty of customers with issues. What I did also see was a comparison table showing that systems often thought to not be at risk, such as those by Apple, can still be very susceptible. When a security issue exists on a system, it does not matter if 1 or a 100...