Iain Mulholland, lead security program manager at the Security Response Center, says that hackers often use reverse engineering on Microsoft's patches to concoct their worms. After a particular fix has been released along with the technical details about the vulnerability, the so-called black-hat hackers go to work.

The bad news is that the time between the posting of a patch and the debut of a worm aimed at exploiting the original weakness has become drastically shorter. Remember Nimda? Microsoft says that crackers took almost a year--331 days--after the company released a fix for the Nimda vulnerability to unleash their attack in 2001. Two years later, the Blaster worm arrived just 25 days after Microsoft put out the corresponding patch.

So be forewarned: Now is a good time to get a new fix for Outlook 2002 and one for MSN Messenger 6.0 and 6.1.

If you are running Outlook 2002, the latest critical flaw could let a scoundrel disguise a worm in an innocuous-looking HTML e-mail, or plant a link in an e-mail that would lead you to a contaminated Web site. Once activated, the worm would execute the hacker's attack program on your PC, and it could delete every one of your files, just for fun. (You're safe if you've already installed Office 2002 Service Pack 3--or if Outlook 2002 isn't your default e-mail program.) Nobody has reported any exploits yet, but I urge you to take care of this problem. Go to the Microsoft Security Bulletin MS04-009 to install the patch.

The other hole, while less serious, could still cause Excedrin Headache 2004. If you use MSN Messenger 6.0 or 6.1, an attacker could slip you an instant message that, while invisible to you, would allow someone to read files on your PC remotely. (However, if you've blocked anonymous users, you're protected.) The bad guy would need to know your sign-in name and the names of files on your system. Head to the Microsoft Security Bulletin MS04-010 to grab the fix.