Microsoft released four security patches that they rated critical. They are…
MS07-018 is for Content Management server and doesn’t affect it’s desktop OS’s.
MS07-019 is for a vulnerability in Universal Plug and Play. It only affects Windows XP SP2 and the 64-bit version of Windows XP. Note that MS doesn’t support WinXP SP1 and the fact that it’s not listed doesn’t mean it isn’t vulnerable. It just means Microsoft wants you on the latest SP and if you aren’t they don’t care. (To be fair, by now you should be on the latest SP) MS doesn’t list any known issues. Windows 2000 and Vista aren’t affected.
MS07-020 is for a vulnerability in Microsoft Agent. It affects all Windows desktop OS’s except Vista. MS doesn’t list any known issues.
MS07-021 is for a vulnerability in CSRSS. It affects all Microsoft desktop OS’s including Vista. MS doesn’t list any known issues.
And there was one bulletin rated “important”. MS07-022 is for a Windows Kernal vulnerability. This will get installed by WIndows Update (by default) as a “High Priority” update. This affects Windows 2000 SP4 (earlier SP’s aren’t supported and may be vulnerable) and Windows XP SP2 (earlier SP’s aren’t supported and may be vulnerable)
So in the final tally, Windows Vista is “more secure” than Windows XP as only one patch was for Vista and four (3 critical) were for Windows XP.
When I applied the patches to my Windows XP machines a reboot was required, which is usually the case.