That's interesting regarding the NICs... I've read other reports of people stating that DHCP wasn't working for them on their wireless after installing the patch. I wonder if it's s trend..

As for how the servers get exploited... malware doesn't have to use a single attack vector.

A workstation may have the MS08-067 patch, but that doesn't mean it can't be infected by a worm that takes advantage of MS08-067 to spread. For example, a unpatched browser vuln could be used to drop the malware on the system, and it can then target unpatched systems on your network.

Maybe not a great amount of risk, but it's something to consider.