Um, I don't see how it could be any easier than http://windowsupdate.microsoft.com

Yes, they are there now, but the days before Code Red, the patches necessary wern't there. Thats why so many people got hit. (That and the MS defaults of everything should be on).

Here is where all hotfixes are posted. Note the one in June, 2001 called "Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise". That was a big part of how those viruses worked, and noone knew the fix had been posted months before the problem to the hot fix site. Most people just wait for new service packs instead of installing individual hot fixes. Also, top of that page is the e-mail list I was talking about.

HFNetChk is also a good program for any NT admin to have. It will allow you to scan all servers and NT running workstations you have admin access to, and inform you of what updates need to be applied.

edit: Just as a followup, I downloaded the HFNetChk to my Windows 2000 laptop, checked Windows Update, then ran it. Windows Update listed no Critical Updates, nor any updates beyond IE 6, Media Player 7.1, and some other programs. HFNetChk found I don't have 3 patches applied.