About the monthly thing...
We actually had a Micro$oft *SECURITY* guy come on campus last Wednesday and give a big presentation on this thing.
Apparently, the "really" critical stuff will still be immediate, but other junk will be bundled into monthly (cumulative, I think) updates. You probably won't have to wait a month for your "Blaster Worm version XXXX" patch.
Also, some guy walked up to the M$ guy before his presentation and said, "YOU SUCK!" The M$ guy said in his presentation, "We suck less."
Go figure.
BTW, they will release Windows XP SP2 next year sometime, and Windows Server 2003 SP1 not long after that. They are also working on reducing patch size for the people still on 56K connections. They are trying to use a unified installer for patches that will allow for rollback of all patches. In addition, they are going to roll Windows Update, Office Update, etc. into a "MS Update" thing (if I remember correctly).
EDIT: I am not a Microsoft fanboy. I'm just trying to give you information from that guy's PowerPoint presentation.