The article doesn't actually say that Microsoft is using SSLv2, but if they were, then someone could potentially execute a man-in-the-middle attack against a user of the service. Which is to say, they'd know exactly what you're downloading, along with any other information this services sends to Microsoft, and they'd be able to provide you with fake results for the software safety check that this service provides. Odds are they would also have your IP address, so they could also potentially link this to you (e.g. via your other browsing behavior over insecure HTTP). It would be a pretty serious flaw.

http://www.gnu.org/software/gnutls/manual/html_node/On-SSL-2...

http://en.wikipedia.org/wiki/Man-in-the-middle_attack