Yep..... Dead on..... And patching, for the most part, involves the publicly accessible machines. Furthermore, most of the recent exploits have been against services that shouldn't even be available publicly, so the admins need to pay a bit more attention to firewall management too.... Or maybe just the purchase of a firewall might help.....