Systems at CNN, ABC, the New York Times, DaimlerChrysler and others were reportedly either hit by the Zotob-family worms or were taken offline to apply the Microsoft patches. The decisions about whether and when to apply security patches are especially difficult in the case of critical business systems. It sounds like some organizations either didn’t get the right answers from their risk assessments or simply fouled up implementing the patches. However their contingency plans (presumably at some point involving the command ‘apply those **** patches, NOW!’) seem to have limited the damage, so far, although companies that were infected with Zotob now have to deal with the threat that their systems may perhaps be 0wn3d with keyloggers and other nasties quietly doing their stuff.
More change management resources