A scary security flaw that would allow malicious worms to infect one PC and then automatically jump to others prompted Microsoft to release a rare out-of-cycle patch in October. The glitch is critical for both 32-bit and 64-bit versions of Windows XP and Windows Server 2003, and for Windows Server 2000. Microsoft says that targeted attacks exploited the hole prior to the patch's release, and that "detailed exploit code" is currently available online.

This marks the first time since April 2007 that Microsoft has released a fix outside of its normal Patch Tuesday cycle; it wa s sparked by lessons learned from worm epidemics like Blaster and Slammer, which cost users billions of dollars to disinfect in 2003.

Apple's hugely popular devices may have become gold standards, but recent glitches in the new iTunes 8 bring an unwelcome blast from the past to Microsoft's latest operating system. Connect an iPhone or iPod, and some Vista PCs either crash with the dreaded Blue Screen of Death or spontaneously restart.

Apple says the problem can have more than one cause, and the company hasn't yet promised a patch. But if you're suffering from this unhappy pairing, Apple suggests a few options, including reinstalling iTunes 8, updating old device drivers, and checking for address conflicts be­­tween USB devices. For details, including which iPod models can have trouble (all iPhones do), head to Apple's support page.

One flaw in the largely forgotten Windows Image Color Management (ICM) system allows a villain to take over your PC if you view a tainted image displayed on a Web page or embedded in an Office document or e-mail. This is one of 19 holes for which Microsoft issued six "critical" patches; attackers could use them for their malicious creations (no booster rocket required). Though ICM (meant to ensure that colors display correctly on different devices) never caught on, the insecure code still resides in Windows 2000 Service Pack 4 (SP4) through XP SP3 and Windows Server 2003. Vista users are safe.

Mozilla issued updates to patch two security holes in both Firefox 2 and 3. The first fix blocks a malicious attack program from crashing Firefox by sending more pipe (the vertical line, or "|") characters than the browser can handle. The second vulnerability involves a similar overflow attack risk.

Here's an example: This month Adobe closed a hole in its Acrobat and Reader programs even as they were already under attack--a true zero-day scenario.

This Jet is a database engine in Windows XP, Vista, and 2000 for use by other programs that you might install, such as Office. It's normally behind the scenes, but a recent zero-day security bug--one that actively attacked before there was a fix--let the bad guys take over vulnerable PCs by targeting a Jet flaw. XP SP2 and Windows 2000 SP4 (and earlier) are at risk; Vista and XP SP3 are safe.

Still on Windows XP? Me too. So we'll both want to be sure to install Windows XP Service Pack 3 (SP3), which should be available from Microsoft by the time you read this.

SP3 will come via Automatic Updates, and like most service packs, it focuses on must-have bug fixes. Unlike SP2, which included big changes with the Windows Security Center, this third pack adds new functionality only for enterprise networks.

Many people are switching from Internet Explorer to alternative browsers such as Firefox and Safari. Though that might make them feel more secure, the shift has also opened new doors for bad guys.

Case in point: We have no IE bugs to report this month, but both Firefox and Safari have been hit hard.

Microsoft says a few programs, including The New York Times Reader and Zone Alarm 7.1 security suite, can't start or work properly with Vista SP1. Most affected companies now have updates to fix the problem.

Just in time for spring, Microsoft has been busy tending to a new swarm of bugs, including a critical hole in Windows Vista and XP that could expose you to an early-season bite without your doing anything other than being online.

In an attack, a cracker could broadcast rogue TCP/IP packets to a range of addresses on the Internet, possibly including your PC's. Sounds all too common, right? These rogue packets, however, are designed to trick their way past Windows' security and hijack your PC, making your machine part of a botnet for sending out spam--or worse, a self-copying worm.

Though Vista is generally more secure than earlier versions of Windows, hackers are increasingly finding ways through, or around, its defenses. Indeed, this is the first time since the operating system debuted last year that virtually every hole discussed in this column affects Vista in one way or another.

Microsoft reports "limited" attacks on Windows XP systems via an unexpected path exploiting a security hole in a copy protection program that comes with XP. (Windows Vista is not at risk.)

The program that attackers are leveraging is Macrovision's SafeDisc, optical-disc copy prevention software for Windows applications and games. The flaw is located in a system driver file called secdrv.sys. Microsoft immediately issued a Security Advisory.