Good stuff at InfoWorld's Security Blog by Mr. Grimes:
Roger A. Grimes explains why keeping up to date with patches can mean the difference between a functional system and a playground for hackers
I'm finding many Windows servers without the MS08-067 patch and no specific mitigations applied. There hasn't been a very large malware outbreak (a la Code Red, SQL Slammer, etc.) in a few years, and perhaps this could be leading to a false sense of security.
If you don't patch, the ever-transforming Conficker malware program could end up testing your security perimeter breach responses. Microsoft released the patch on Oct. 23, 2008, nearly two months ago. To remain unpatched at this point in time doesn't seem to be a great idea, but there are still plenty of vulnerable servers out there.
Read the article here:
http://weblog.infoworld.com/securityadviser/archives/2009/01/conficker_malwa.html

Don