The first application is DigitalSignature. If I encrypt a message with my PrivateKey, everyone with access to my PublicKey can decrypt that message, but with that PublicKey, only I could have encrypted it. This provides NonRepudiation? and UserAuthentication?. More or less.
The problem with that is this: On the internet, nobody knows you're not me. You could get a computer account with someone else's username and publicize your identity and PublicKey from that site, and and there'd have to be something beyond the assurances of your and my websites to convince people that I'm me and you're not.
There's two ways of doing this: HierarchicalTrust and WebOfTrust. HierarchicalTrust flows more or less like this: My boss signs my PublicKey, his boss signs his PublicKey, up to the top of the hierarchical structure, and that key is signed by VeriSign or another trust vendor. Of course, not all relations are hierarchical. My friends bear a web-like relationship, not a hierarchical relationship. Developers in OpenSource and FreeSoftware projects often do not bear a hierarchical relationship. So, something that describes their relationship. Thus the WebOfTrust.
The fix is apparently to patch all of Microsoft's operating systems from Windows 95 through Windows 2000.
In downloading and installing products, Windows users are given a choice where they can "always trust Microsoft products." This either removes one of the speed bumps for downloaded installations. This case underlines that trust comes from more than one source. I've been told not to update things by a vendor just after I finished with the updating they've warned against. In this case, I'd start trusting only fixes only if I downloaded them myself from MicroSoft's website. If then.
Of course, this only underscores AvoidIllusion. If customers didn't have faith in certificates to begin with--the illusion of security--, they wouldn't have had enough power to create a security concern. Then again, the former Microsoft employee will be sued into oblivion. What about VeriSign? If you can't trust the CertificateAuthority, there is no trust in the PublicKeyInfrastructure at all.
PublicKeyEncryption transforms KeyDistribution into a problem of distributing and verifying certificates, that is, of ensuring the user of PublicKeyEncryption is corresponding with who s/he thinks s/he is. Good certificates need changed (and therefor, distributed) less frequently, so this transformation is an improvement. A PublicKeyInfrastructure is a means of appropriately handling certificates.