Security holes in Internet Explorer are a dime a dozen - of course there are patches for them too. So just install them. That's quite simple, right? Wrong. IE 5.5 is installed - the patch is only available for IE 6. But you can just update the browser, right? Wrong. IE6 requires Service Pack 6a on NT4. But you can just install that, can't you? Wrong.
And now it got really wild: I have an NT4 with IE 5.5 on it. Installing the normal SP6a gave me a message that I was trying to install a normal encryption version over a high-encryption version and that wouldn't work. But there's no high-encryption SP6a - you literally have to patch the normal SP6a by hand! So unpack the service pack, search for update.inf, search for the checksecurity.system32.files section, throw out schannel.dll from there. Now you can finally install the service pack. And the first reboot, because I just want to patch a browser.
Ok, then finally install IE6. It churns away for an eternity and what comes next? Of course, the reboot. Because I just want to patch a browser. The fact that it keeps working after the reboot was clear. What the heck is it doing with all that? It's just a damn browser!
Then finally install the cumulative patch for IE6. Which, surprisingly, doesn't require a reboot. I thought. Until the question came up whether I wanted to restart now. It's just a browser! A damn browser! A crummy application program that needs to be patched because the manufacturer is too stupid to do it right!
That's just bullshit. (Side note: Of course this isn't a real Windows system, but a VMware - so I could work in parallel, namely under a real operating system
)