The wide-ranging flaws affect IE 5, 6, and 7 on Windows 2000, XP, Vista, Server 2003, and Server 2008, but they're most serious if you use an older version of IE on Windows XP or 2000. In those cases, an attack could run any command and have its way with your PC. If you've upgraded to IE 7, the flaws permit miscreants to steal user names or other cookie-based data, but nothing more.

Two of the bugs rated as most dangerous in Microsoft's new "exploitability index assessment," which gauges how likely an attack is against a given vulnerability. Get the fixes through Automatic Updates, or (and read more info on the new exploitability ratings) from Microsoft TechNet.

Insecure F-Secure

Once again, security software has created an insecurity. If an F-Secure's program--ranging from Internet Security 2008 to Anti-Virus 2008 to Home Server Security 2009, in versions dating to 2006--scans a poisoned compressed file, your PC could be compromised. F-Secure says that no attacks have occurred, but if you use any of these versions, make sure that it has picked up the latest program updates (which should happen automatically).