Thanks to a recently announced security hole in Windows, Microsoft is urging all users of IE 5 and 6 to download a "critical" patch. A buffer overrun in the Remote Access Service Data Stub (one of those frou-frou frills MS passes off as a "feature" in its bloatware browser), combined with an embarassing design decision in Microsoft's security scheme for distributing trusted code, means that even users who download the patch are at risk of "upgrading" to the vulnerable piece of code again.
In order that they not accidentally download the buggy control from a malicious web page, Microsoft is telling its users to remove their security certificates. The problem is that since the bad control was written by Microsoft itself and the normal revocation mechanism won't work (thanks to said embarassing design decision), this means that users must go into IE and tell it not to trust Microsoft.
Not a good day for Microsoft PR.