The company that I work at is pretty much assumed to be bound to Microsoft at the hip. There is even an acronym that is derived from the two of our company's names/product.
Our internal SQL servers were down the whole weekend and most of Monday. We are still blocking ports and dropping nodes as I type today.
Along the lines of what Darin says, think about what it would take to proliferate a patch released ~4 months ago to ~10,000 servers. Then think about all the issues that might be caused because you didn't test out if the patch created more problems than it fixed. Then think about the fact that all of those servers need down-time. Then think about that down time and how it would interrupt how your employees get their jobs done.
At my company alone, if we have unscheduled downtime it costs us about $1,000,000 an hour in just one factory.
The best you can hope for in a large company is to test patches as quickly as possible for negative interactions as soon as they are released, but it takes at least a couple of months of testing in a non-production or a non-critical production environment just to make sure you aren't going to screw up the rest of the company.
You can't even begin to imagine the negotiation of all that downtime once the patch as been tested and all the interaction issues are documented.
Yeah, its real easy to install a patch on one server, but do it on ~10,000 when it can't be undone and see if you have a job for much longer.
The whole scenario is just a massive nightmare, and we have to do it over and over, multiple times a year.
FWIW, there were HUGE holes found in Solaris and other Berkley based Unix OSs last year. But those systems are an order of magnitude less prolific than the relatively cheap MS based platforms. That also means there are an order of magnitute less hackers and virus coders trying to maliciously bring down those systems.
If you had any experience in dealing with this at large companies, you would find there is certainly no irony what-so-ever. It is a planned, malicious, and criminal act, and deserves to be punished accordingly. Anything to the contrary is akin to saying it was your fault your house was broken into and all your things were smashed because even though you locked your doors, you didn't have bars on your windows (pun intended).