My latest blog post on this matter generated quite some attention. Based on what happened since then, let me be clear on what I wanted to say (and still want to say):
If you decide not to roll out a security update which is so critical that we decide to go out of band, you play Russian Roulette with your network as you can guess that there will be attacks exploiting this vulnerability pretty soon. The same is actually true if you do not run and maintain an appropriate Anti-Malware solution. There were just a few that are able to detect and remove Conflicker (ours was one of the first!)
Now, if we look at Conficker.B: This is really an ugly beast: You need just one infected machine in your network in order to have it spread across your network fast and aggressively. You can get it even through a USB-stick.
So, drawing the conclusion that I said every customer having Conflicker.B did not patch and therefore playing Russian Roulette is completely inaccurate and not what I said!
it just needs one unpatched/infected machine…