Weblog:   Microsoft gets serious about security
Subject:   Absolutely.
Date:   2004-03-15 16:59:17
From:   aristotle
See Outlook vulnerability bulletin and CERT advisory.


It only took MS 10 months to reissue the bulletin in order to bump the severity from "important" to "critical" after they were initially informed of the matter. A phenomenally quick response.


The reason for this change was the fact that it occurred to them that people with other than non-default settings were affected. Basing the severity rating of a vulnerability on the number of users potentially affected is incredibly brilliant.


It was also an amazing tactical move to invent "patch day", so patches don't get issued willy-nilly (like, say, in the soonest possible timeframe) and make it hard for people to stay up to date.


Completely awe-inspiring also how there is a patch freeze period when a new service pack is imminent, during which new fixes that will not make it into the service pack are held back, so that the poor stressed customers won't be confused.


Yes, Microsoft is dead serious about security. Crackers and script kiddies beware, Big Daddy Bill is coming for you.