It is certainly true that admin people should apply patches as soon as they are available, but in some cases this is too late!
You get quite a few who don't even bother to do that.
I was interested in MsMittens post about MS not publishing info on security loopholes (nothing to do with WindowsXP surely?). IBM tried this approach a few years ago (on their mainframe systems), but changed their policy when their users (mainly large companies) complained.