We went through the same thing in our org, we even have a win7 vm and it needs to be patched more because it has the SP1 installed already but its missing some software still, the same message appeared for us and you need patch up the servers to get them up to the standard. But it has to be that way cause the security software cant protect the computer correctly because there would be too many security gaps in the server OS. Ours is not fun either, cause the VM is used for the accounting department and we need to take ours offline while we patch it and get it up to the standard for eset and the accounting department is going to be bugging us during the whole time asking us if its done yet or how long its going to take even though we are giving them two weeks notice ahead of time.