Having the latest updates would have prevented most of the Code Red/Nimda update, but the problem was that MS didn't have the updates in an easy to find place.

One thing to keep in mind is that MS does have some sort of e-mail list that they use to just announce security patches. I am subscribed to a similar one from SuSE, and every one has links to the file I need to tell Yast to grab to update it's self. Any NT admin should be subscribed to this list.

Also, checking with the hardware vendor may be a good idea for any known issues with patches. Microsoft has a bad habit of including their own drivers in Service Packs or major updates that overwrite a vendors newer driver and could cause problems. The solution is to usually install the vendors driver updates after installing an MS update, but before letting the MS update reboot the machine.