The IT news information site, News.com, wrote in this article today:
Microsoft's policy of relying on software patches to fix major security flaws was questioned Monday after a series of internal e-mails revealed that the software giant's own network wasn't immune from a worm that struck the Internet last weekend.

Eehh!!! So do you still believe the "users not installing patches are the main problem" statement? Does it look serious to you?

If even M$ does not [install patches], who should? Maybe there could be a deeper problem?

By the way, even if they will never announce it clearly, their internal network got infected.

It appears to me that this news.com article could say the truth:
"Seems like every time I install a system patch, something else goes wrong with my system," said Frank Beier, president of Web design firm Dynamic Webs. The designer said many system administrators won't patch for many months, because they don't trust Microsoft to fix the problem without breaking some other function of the software. "In most cases, I'm better off just playing Russian roulette with the hackers until our servers are broken into."