Take the latest cumulative update for Internet Explorer. Two of its corrections sealed significant holes in IE 7 for both Vista and XP, starting with COM objects (precursors to ActiveX controls). Viewing a site with a poisoned COM object could allow an attacker to take control of your system, although you would have to okay an IE 7 dialog box first.

The second flaw exists in an internal IE function, the property method. An attacker could target the flaw with a specially crafted Web page and hit you with a drive-by download.

The same cumulative update addressed four crucial issues with ActiveX and Active Scripting in IE 6 on Windows XP SP2. When you factor in fixes for critical flaws in IE 5.01 and 6 on Windows 2000 SP4, as well as in IE 6 on Windows XP SP1, it's a patch you'll want from Microsoft Support, if you haven't already received it through Automatic Updates.

Broken IE

It's clear these are must-have patches. But a nasty post-patch surprise awaits some Vista users: IE may fail to start. Here's the problem: If you've changed the location of Vista's Temporary Internet Files folder and employ the antiphishing filter, IE might not be able to use that new folder location. The workaround, described at Microsoft Support Article ID 937409, involves moving the folder back to its original location or changing the permissions on its new location.

On top of that, some Windows XP SP2, Windows 2000 SP4, and Windows Server 2003 users had trouble with Windows Update and Microsoft Update: When Windows scanned automatically for updates, or when the user went to the update site, the PC's CPU sometimes bogged down and became unresponsive.

Bad problem, so Microsoft released a patch. But in some PCs, the hotfix not only failed to work, it caused important system tasks to crash. So Redmond released a second patch that supersedes the first and will be distributed via Automatic Updates through the end of June; it's also available at Microsoft Support Article ID 927891 . We'll see if the second hotfix fully cures the problem.