This story is so old and happens so often that it isn't news. That it continues is very frustrating for anyone who has been in the Internet industry since the Internet became popular around the release of Windows 3.1.
Windows is impossible to secure. I'm sure that if I bother to search a few darker spots of the net I will find current working unpatched Windows "total takeover" exploits.
The only good news appears to be that it used to take years rather than only 9 months for Microsoft to respond with effective patches.
Until Microsoft can be held responsible for the losses associated with using their software none of this will ever change. There is a very good reason that most Internet startups do NOT use Windows on their customer facing servers. It is just not maintainable.
Open source isn't perfectly secure, but at least knowledgeable persons can debug and patch it much, much faster than 9 months.
Microsoft usually ignores or spends a long time fixing severe bugs or design issues which can kill any business dumb enough to adopt Windows even with all kinds of regularly ineffective "3rd party protection."
Apple is better than Microsoft, but still weak in so many areas that it is also a non-starter for Internet facing servers.
Here is a simple test: If you need to add Anti-virus software or added firewalls you are using an insecure operating system unfit for use on the Internet.