Since companies often don't have internal firewalls
Infecting one PC with memory resident malware would allow it to infect other PCs using any random remote exploit combined with an escalation of privileges once aboard the new target.
Then even rebooting won't fix anything, you'll be reinfected by one of the other infected PCs. Even after a patch Tuesday update everything will eventually be reinfected, since not every PC will be rebooted at the same time. Even if the hole being used is patched, or an AV software vendor developed detection for it, the malware could download updates to continue operation (masquerading as what looks like normal web queries to mask the activity)
It written well enough and properly maintained, it could essentially be immortal. What are you going to do, get everyone in the company to shut down every PC all at once? Yeah right!