You know that patches are essential, but the download/install/reboot cycle gets old fast. And it doesn't help when the patches themselves have problems, as some from Microsoft recently did.
Take the latest cumulative update for Internet Explorer. Two of its corrections sealed significant holes in IE 7.0 for both Vista and XP, starting with COM objects (precursors to ActiveX controls). Viewing a site with a poisoned COM object could allow an attacker to take control of your system, although you would have to okay an IE 7.0 dialog box first.
The second flaw exists in an internal IE function, the property method. An attacker could target the flaw with a specially-crafted web page and hit you with a drive-by download.
The same cumulative update addressed four crucial issues with ActiveX and Active Scripting in IE 6 on Windows XP SP2. When you factor in fixes for critical flaws in IE 5.01 and 6.0 on Windows 2000 SP4, as well as in IE 6.0 on Windows XP SP1, get the patch here if you haven't already received it through Automatic Updates.