The link is to a Symantec Security Response Team page.
It seems that the mechanism used in Windows Update and especially automatic updates can be compromised. In fact; it already has been. Microsoft will have to fix this and I'm sure they will. I hope this time it happens soon.
At the heart of this is the same old problem with ActiveX controls. Microsoft is frankly silly to persist in using ActiveX for anything, as it is repeatedly compromised and in fact the presence of ActiveX is in this case, as in many others, compromising an otherwise splendid service. I doubt they'll wake up and really change this, though, as they have failed to do so for years on end.