Bugs and Fixes
Most Recent Posts

Zap Zero-Day IE Attack Before It Zaps You

I feel some nostalgia as I write this column because, after penning Bugs & Fixes for eight and a half years--102 columns total--it's time for me to sign off. I've immensely enjoyed writing for you through all those years, and I'm grateful that PC World gave me the opportunity to do so.

I've always had two goals in mind: helping you ward off current threats, and providing useful information about how security holes and attacks on them work, so you'll be better prepared to deal with future problems. I hope that I have fulfilled at least the spirit of those goals. Now, as my dad back in Montana used to say: "nuff said."


Microsoft Defeats a Seven-Year-Old Bug

Microsoft recently released two new patches, one of which fixes a security hole that the company has been trying to plug since 2001. Amazingly, no one exploited the hole during those seven years.

Previous patches had mitigated the problem, so Microsoft rated its severity level as Important, the second-highest rating on the company's four-tier scale.


Worm Risk Spurs Critical Microsoft Patch

A scary security flaw that would allow malicious worms to infect one PC and then automatically jump to others prompted Microsoft to release a rare out-of-cycle patch in October. The glitch is critical for both 32-bit and 64-bit versions of Windows XP and Windows Server 2003, and for Windows Server 2000. Microsoft says that targeted attacks exploited the hole prior to the patch's release, and that "detailed exploit code" is currently available online.

This marks the first time since April 2007 that Microsoft has released a fix outside of its normal Patch Tuesday cycle; it was sparked by lessons learned from worm epidemics like Blaster and Slammer, which cost users billions of dollars to disinfect in 2003.


iTunes 8 to Vista: Give Me a B, an S, an OD

Apple's hugely popular devices may have become gold standards, but recent glitches in the new iTunes 8 bring an unwelcome blast from the past to Microsoft's latest operating system. Connect an iPhone or iPod, and some Vista PCs either crash with the dreaded Blue Screen of Death or spontaneously restart.

Apple says the problem can have more than one cause, and the company hasn't yet promised a patch. But if you're suffering from this unhappy pairing, Apple suggests a few options, including reinstalling iTunes 8, updating old device drivers, and checking for address conflicts between USB devices. For details, including which iPod models can have trouble (all iPhones do), head to Apple's support page.


Just What Color Is a Security Hole?

Illustration: Harry Campbell

Computer attacks in space are no longer the stuff of science fiction: Recently, laptops on the International Space Station turned out to have computer viruses. NASA believes that the malware--a password stealer that targets online games--may have infected the laptops via a USB thumb drive that one of the astronauts carried aboard. While it wasn't much of a threat, it just goes to show that the little buggers are everywhere.

One flaw in the largely forgotten Windows Image Color Management (ICM) system allows a villain to take over your PC if you view a tainted image displayed on a Web page or embedded in an Office document or e-mail. This is one of 19 holes for which Microsoft issued six "critical" patches; attackers could use them for their malicious creations (no booster rocket required). Though ICM (meant to ensure that colors display correctly on different devices) never caught on, the insecure code still resides in Windows 2000 Service Pack 4 (SP4) through XP SP3 and Windows Server 2003. Vista users are safe.


Firefox 3 Breaks Records, Then Itself

Illustration: Harry Campbell

Mozilla's Firefox 3, upon its recent release, set a new record for browser downloads in a single day: more than 8 million copies in just 24 hours. So it's no surprise that these days hackers are spending more time hunting for Firefox holes.

Mozilla issued updates to patch two security holes in both Firefox 2 and 3. The first fix blocks a malicious attack program from crashing Firefox by sending more pipe (the vertical line, or "|") characters than the browser can handle. The second vulnerability involves a similar overflow attack risk.


Ward Off an Ongoing PDF Zero-Day Attack

Illustration: Harry Campbell

These days, the makers of popular software may as well put big bull's-eyes on their products. When nearly everyone uses a particular program, a security hole in that application instantly creates a huge pool of targets for online crooks.

Here's an example: This month Adobe closed a hole in its Acrobat and Reader programs even as they were already under attack--a true zero-day scenario.
