I think part of the problem with most DoS attacks, or worms like this one, is the lack of administrators patching their systems. This worm in particular uses a vulnerability that was discoverd in July. Granted M$ and other os vendors need to write better code, but they can only do so much to test. Even when they release patches and fixes, they are relying on system administrators to keep their systems up to date to prevent something like this to happen. So a lot of the blame should also go on the IT staff that supports and runs these servers.