I know it is getting too easy to point the finger of blame at organizations that are still running old versions of software and not taking care to patch them. But I still need to point out how critical systems are all around us. A case in point, highlighted in this article, covers the outage at US Customs supposedly caused by the Zotob worm infecting central databases. "Oh ho!" you say, now we know that critical information processing at what is treated as a critical function of the government runs on Windows 2000. This is not good. Not patching these old systems is even worse.
A minor matter that made for inconvenience to thousands of people, but the big concern for me is how many critical systems are not identified as critical until after a worm or virus disables them.
Better to upgrade those systems with an eye towards security then to invest in the asset management systems to patch and repair as needed. That's what I say.