The original version of the patch posted on June 10th fixed the issue in Windows Vista, but left XP vulnerable. Windows 2000 and all Windows Server were not subject to either of the security bulletins.
"As soon as we learned of that possibility, we mobilized our Software Security Incident Response Process (SSIRP) to investigate the issue," said Microsoft security and response communications lead Christopher Budd.
"Our investigation found that while the other security updates were providing protections for the issues discussed in the bulletin, the Windows XP SP2 and SP3 updates were not."
The updated version of the patch can be obtained automatically through the Windows Update and Microsoft Update services. It can also be downloaded manually from the Microsoft Download Center web site.