Everybody had plenty of chances to install these patches. Consumers have Windows Update, and the AutoUpdate feature has been there since Windows Me to automatically download and even install the patches. For admins and hosting services, Microsoft offers several security checkers, including the Baseline Security Analyzer, to make sure your system is set up properly as far as patches and user permissions are concerned.
People don't use this stuff. There are plenty of reasons. Everyone running illegal copies is afraid to use AutoUpdate for fear they will be discovered. Legal users don't turn on AutoUpdate because they are afraid that installing a patch may break their setup. Some patches require a reboot or at the very least a restart of critical services, and the site may not want to take 5 or 10 minutes of downtime. Companies that need to pay someone for maintenance and patch installation don't want the expense. People who just set something up for fun and learning don't want to apply patches. This isn't a Linux or Windows thing; this is a human nature thing.
As far as I can tell, our server was patched for this particular hole; the patch was released in July as I understand it. However, our servers were not that up to date. I was just talking to the hosting service and pointing out that we were at least two months behind on patches. They said their own internal testing had shown some compatibility problems and they were working through the issues with Microsoft. Is that true, or were they just slow in doing updates? I don't know.