Microsoft Guide to Security Patch Management
Organizations depend on information technology resources and expect them to be trustworthy: a few days of downtime is expensive, while a security compromise of corporate assets can have disastrous consequences.

Viruses and worms such as Klez, Nimda, and SQL Slammer exploit security vulnerabilities in software to attack a computer and launch new attacks on other computers. These vulnerabilities also provide opportunities for attackers to compromise information and assets by denying access to valid users, enabling escalated privileges, and exposing data to unauthorized viewing and tampering.

The operational cost of a day's downtime can be calculated for most, but what if the information with which others entrust your organization is compromised publicly?

A breach of corporate security and the resulting loss of credibility (with customers, partners, and governments) can put the very nature of an organization at risk. Organizations that fail to perform proactive security patch management as part of their information technology security strategy do so at their own peril.

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/patch/secpatch/default.asp