Just completed applying the security rollups for WSS/MOSS to fix the Elevation of Privilege security vulnerability as well as fixing the daylight savings time change issues. I followed Shane Young's post on performing the install and it was relatively painless and worked fine. I did see the 'Failure to start service SPSearchServiceInstance...' warning during step 8, but running stsadm -o osearch -action start (as described on TechNet) after the configuration wizard completed restarted the Search service without any problems.
One thing I was a little confused about was the proper order in which to apply things in a farm, because of the warning that pops up in the Configuration Wizard about needing to install the updates and run the Configuration Wizard on all other servers before the one currently being configured. Shane describes his install for only one server, and Joel Oleson says in his FAQ about the patches that you need to install and run everything on all servers, but doesn't give any particular order.
I really don't think the order matters, but here's what I did on my 2x1 farm (2 WFEs and 1 Application Server). Central Admin runs on the App server.
1) Installed the executables on all servers. The WFEs required reboots after each patch was applied.
2) Ran the Configuration Wizard on the App server.
3) Ran the Configuration Wizard on the WFEs.
I think that the only thing that matters is that the patches are applied to all servers in the farm before the Configuration Wizard is run anywhere. After that, the order in which you run the Configuration Wizard on the servers doesn't matter; just make sure you run it on all of them.