Previous patches had mitigated the problem, so Microsoft rated its severity level as Important, the second-highest rating on the company's four-tier scale.

This bug primarily affects Windows XP (which some 700 million people still use) and Windows 2000. For Windows Vista, the risk is only Moderate, Microsoft's second-lowest rating, and the for a network technology called System Message Block (SMB). Exploiting the security hole would let an attack program capture user or program credentials, granting a successful attacker full control over the compromised PC.

Why did it take so long to fix?

"[In 2001] we said that we could not make changes to address this issue without negatively impacting network-based applications.... For instance, an Outlook 2000 client wouldn't have been able to communicate with an Exchange 2000 server," Christopher Budd, a security program manager at Microsoft's Security Response Center, said in a blog post.

If you don't get patches installed automatically, you can obtain this patch and more info from a .