Abstract

Internet worms spread in an automated fashion and can cause tremendous damage in a short period. Once a worm starts spreading, software vendors need to know how its prevalence evolves under various patching schemes in order to decide whether, and when, to release a patch. Because of the strong analogy between the spread of worms on the Internet and the spread of disease in human society, we analytically model the spreading process, and the impact of patching decisions on it, using the same techniques as epidemiological research. We find that the epidemic can be stopped efficiently only by releasing patches that provide immunity to susceptible users. From the viewpoint of software vendors, the patch development cost and the reputation cost incurred indirectly from victim users should be balanced to decide whether, and when, the patch should be released. The paper gives closed-form solutions for the optimal patch release time and discusses the conditions under which the patch should not be released. The results in this paper can be used either as a starting point for further research or by software vendors for deciding their patch release strategies.
