Jon’s experience mirrors mine — Jon Udell: Windows Update confusion — the 3rd party GDI Scanner listed is helpful.
Here is a good tool to check for gdiplus vulnerabilities — SANS – Internet Storm Center – Cooperative Cyber Threat Monitor And Alert System – Current Infosec News and Analysis — much better than the “be vaguely afraid but we won’t tell you why” Microsoft tool.
Per LarryO, a lot of people are running XP in non-admin mode at MSFT. Some great pointers in his article — Aaron’s blog and his post on RunAs. I’ve had problems making non-admin work on the machine in our family room — mostly when I am at the machine and I want to do something not permitted — I have to dig into this RunAs post, particularly as it applies to running CPLs and manipulating network connections.