An intriguing statement, made by Chester Wisniewski (MP3) at about 5:48 of Episode 75 of the Sophos Security Chet Chat, recorded 14 October 2011:
From Virus Bulletin [link added --ed.] last week in Spain: Microsoft presented some really interesting material, talking about 99% of attacks against a given exploit occur after the exploit has been patched, and many times, more than thirty days after that exploit has been patched.
I think this might have been said during Holly Stewart's talk (PDF), titled "Top exploits of 2011." See slide 16.
Yes, today is Patch Tuesday. If you don't have Automatic Updates turned on, please be a good Netizen and visit update.microsoft.com.
(Using Internet Explorer.)
(Just this once!)