Just wanted to share that the MS09-008 patch isn't as cut and dry as it seems. There's an issue where if someone has already exploited CVE-2009-0093, the issue will not be properly patched. Yet software (patch management, automatic updates, etc) will report you as patched.
I've posted more details on the nCircle blog. Please let me know if you have any questions.