The lack of security updates on our internal NT servers is the whole reason we were hit by Nimda. It was using a method of propogation which would have been null and void if we'd had the latest patches installed.

My mistake was thinking that our internal network was safe from Nimda because it was behind a firewall. I didn't count on our corporate offices having an infected machine hitting us across the non-firewalled frame relay line.

So if you want to protect yourself against exploits, apply those security patches. Even if you think you're fine because you're on a private network.