Well, this is not the case. The security hole has been issued. A patch is available. The actual problem is threefold...
1.) Microsoft _is_ a security problem. There are far too many holes to be found in all Windows versions. This shouldn't be like that, but it is.
2.) Microsoft is usually a bit slow in preparing patches. And when they're fast, they screw up big time (happened a few times, patches that opened new holes...).
3.) Microsoft has a trust problem. IT staff doesn't like to install patches just when they come out, because they're afraid to break a working system. That might not be such a big problem for a home user, but if a patch screws up a server (or a dozen) or a multitude of client computers, it's the admin's problem, isn't it?
The solution? Microsoft should become faster in testing patches across more (and different) setups. The goal would be to persuade IT staff to let servers and client machines be automatically updated by Microsoft. This way, you (as an admin) could even stay at home if something like this worm crops up. The patch would be automatically installed and your system would be safe (again).
But this won't happen soon.