Seeing as how this auto-update can be disabled, I think it is a step in the right direction for keeping the average user updated and secure. Although they will still likely keep the security updates as part of the Patch Tuesday, they now have the ability to patch 0-day exploits with higher acceptance rates. They may also opt to use this method for most of the IE security updates in the future in order to reduce the numbers on patch Tuesday and give the appearance of being more up on their security.