At least this exploit requires someone to open and e-mail attachment to get infected with trojan to allow for the attack I suppose. It could have been far worse if it was a wide open zero day that targeted Windows Update Service to slip in a dirty non official update that opened up remote connectivity over port 80 etc.
