Since it’s taken me all morning to find it, and other people may find it useful:
This avoids the Catch-22 of having to put an unpatched Windows box onto the internet in order to get all the security patches to make it safe to put on the Internet. Be aware, however, that XP Service Pack 2 is on it’s way and that’ll include most of these with it.
A note on research, here. I spent about an hour trolling the Windows XP microsite looking for a list, wandering though the Expert Zone (“Focus on New Users” was the lead headline. Define Expert) and generally seeing if it was actually where it should be on the site, and then gave up and typed “hotfixes since XP Service-Pack 1” into google, which got me a PC World article sending me to a download page, which sent me to a Microsoft Redirection page sending me to the aforementioned MSKB article.
This is, in fact, bollocks. Columbus had better navigation than that when he sailed to India. Microsoft may not want to admit it, but there are major holes in XP as released, and even in SP1, and it’s really important to be able to get your machine secured as quickly as possible, and not even mentioning the above article within the security section of the offical XP microsite is just stupid. The Trustworthy Computing thing is a good idea, and deserves kudos, but won’t work unless we – as Sysadmins, users and developers – can trust Microsoft to admit when something is wrong, and hiding a list of security updates (It is, however, an extremely impressive list of updates) doesn’t inspire that kind of faith.