I run a mixed network of Windows, Linux and other platforms and they each have security flaws (especially Samba on Linux or some of the FTP server suites...).
At the end of the day if you want to get a machine on the Internet you have GOT to be paranoid.
I'm in the fortunate situation where I can use automatic patch management tools to ensure that my machines are up to date.
I'd strongly suggest that anyone who uses Windows goes and pays a visit to windowsupdate.microsoft.com and once it has installed all of its patches you scan it AGAIN.
This is because some newer patches NEED components of older ones. Not ideal but that's what we have.
--
Gary.