Sometimes this column seems like a TV hospital drama, with every patient hanging by a thread. All too often, Windows (or one of its main components) is on life support, and you're the physician on call. And this episode could be a season finale: Internet Explorer and Outlook Express require a pair of big, cumulative patches to deal with five really bad bugs, while Windows itself needs attention stat.

The IE patch repairs four major glitches in versions 5.01 through 6 that could let a miscreant completely take over your PC or wipe your hard drive clean. With two of these holes, simply visiting a bad guy's Web site could initiate the attack; you wouldn't even have to click something.

Of course, if you stay away from places you wouldn't want your mother to see, your PC is much less likely to end up in the computer hospital in critical condition. To play it safe, grab Microsoft's patch.

Outlook Express 5.5 and 6 contain a vulnerability that could allow a cracker to cause just as much harm. Merely receiving an e-mail--without opening it--could automatically trigger the attack. But there's a twist: Though the hole is in OE, you're also in danger if you run Outlook 98 through 2002 without a certain update (more below). Why? Because Outlook uses OE to provide some important features. If you run Outlook Express 6 or Outlook 2002 under the default Medium security setting, or Outlook 98 or 2000 with the Outlook Security Update loaded, you can block an automated e-mail attack. But you're still vulnerable to clicking a tarnished link either in an e-mail or on a bad guy's Web site. Get the cure.

Microsoft also discovered a security threat in its Java Virtual Machine, which has shipped with Windows since Windows 95, as well as with many versions of IE. The VM enables IE, Outlook, and Outlook Express to run Java applets. However, one key feature of the VM is broken: the part that ensures Java applets are not malicious.

Preventive medicine is the best kind. Grab an updated version of the VM.