Microsoft maintains a list of all the malware the tool looks for and does its best to remove, but it's not intended as a replacement for an actual antivirus product -- it's mostly a stopgap measure designed to halt the most scurrilous of infections and give users a chance to install more effective protection if they must.
Microsoft publishes guidelines for how to use the tool in a corporate deployment, such as how to integrate it into a Group Policy logon script.
The Windows Malicious Software Removal tool itself will not be distributed by Software Update Services (SUS); it will be available through Windows/Microsoft Update, Windows Server Update Services (WSUS) and the Download Center. Windows Update, Microsoft Update, SUS and WSUS will all receive a number of nonsecurity updates. There are six in total.
In terms of patches, it's been a slow month for security updates. In fact, for the first time since September 2005, Microsoft has no security bulletins to announce at all. There are a few ways to interpret this: Either nothing has surfaced recently that's worth pressing attention, or there's a number of existing exploits that are still being analyzed and haven't yet been officially described.
A third possibility, which is highly likely, is that too many people are scrambling from the impact of the daylight-saving time changeover to really assess a full load of monthly security issues. If April's bulletin load is exceptionally heavy, that'll probably be a tip off that Microsoft stalled March's bulletins preemptively.