A 0x80240020 error while attempting to run Windows/Microsoft Update is caused by the update service not being able to achieve the proper logon status during the update process.
The service normally runs as LOCALSYSTEM, but needs to be able to impersonate the currently logged on user in order to properly download and install updates. If it can't do this, you get the 0x80240020 error.
This is usually caused by a corrupt or missing registry branch.
Open the registry editor (Start->Run, type regedit and hit Enter)
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\, and ensure the SensLogn key exists. Usually when you're getting this error, it doesn't.
There is a Microsoft knowledgebase document (KB910341) on how to fix this problem, located here, but the procedure outlined is completely manual and error-prone.
Much easier is to download a registry file, and automatically import by double clicking the file.
Download the fix file for Windows XP/Server 2003.
Fix files for Windows 2000 and Windows Vista/Server 2008 are coming soon.