
- Harry Campbell
Jet is a database engine in Windows XP, Vista, and 2000 for use by other programs that you might install, such as Office. It's normally behind the scenes, but a recent zero-day security bug--one that was actively attacked before there was a fix--let the bad guys take over vulnerable PCs by targeting a Jet flaw. XP SP2 and Windows 2000 SP4 (and earlier) are at risk; Vista and XP SP3 are safe.
Like many security holes, this one has to do with sending a program more data than it's expecting--basically flooding it with information to cause what's called a buffer overflow. Opening a downloaded or e-mailed booby-trapped .mdb file triggers the attack.
Get the fix via Automatic Updates or from Microsoft.
Installing XP SP3 closes this hole as well--but SP3 caused major headaches for some HP Pavilion and Compaq Presario desktop PCs with AMD processors. Some of those machines with Windows installed a particular way will reboot continuously after SP3 is installed.
If you have a Pavilion or Presario and haven't yet installed SP3, check out a free tool from Jesper Johansson, a former Microsoft employee and a security expert. The tool can evaluate your system and fix the problem before it occurs.
Or if you're already tearing your hair out over an affected PC, head to an HP advisory with instructions on how to break the restart cycle and fix the problem. Also, Microsoft is providing free technical support for XP SP3 installation problems: You can either call 866/234-6020 or browse to this Microsoft support page for XP Home users.
Microsoft's Malware Protection Gets Mauled
Antivirus apps today often contain safeguards to forestall attacks against software holes in other programs. But what if your antivirus app itself has a flaw? You'd better get the fix, quick.
Microsoft's Malware Protection Engine, used by Windows Live OneCare, Vista's and XP's Windows Defender program, and several Microsoft corporate security products, suffered from two bugs that could allow an attacker to crash the affected program if you viewed an infected Web page or opened a poisoned e-mail. Though Redmond rates the risk as only moderate and no attacks have yet been reported, someone often figures out how to take advantage of such forced crashes to take complete control of a victim PC. So if you use one of these Microsoft apps, be sure it's current on its program updates. Or download the fix.
The Microsoft fixes continue this month with patches for Word, Outlook, and Publisher. Critical flaws affecting Word 2007 and 2000 SP3, Outlook 2007, and Publisher 2000 SP3 could allow an attacker to completely compromise your PC if you open a malicious file or preview a corrupted HTML message in Outlook. Office 2003 components carry less risk from the bug. Get the fix and more info.
More Essential Adobe Fixes
It's not all about Microsoft--Adobe issued eight critical fixes for holes in its Acrobat and Acrobat Reader programs. Crooks love to go after flaws in near-ubiquitous software like Reader, and one of these bugs is already under attack, so be sure you close these holes. Opening a poisoned .pdf could leave you at a cyber assailant's mercy.
Finally, if you have a Cricket EZ mobile phone, the company recalled about 285,000 of the small black-and-silver units sold in the United States in February and March 2008 because they may fail to properly connect to 911 services. To find out if your phone is affected and for recall info, dial 866/441-1577 or visit Cricket support.
Bugged?
Found a hardware or software bug? Send us an e-mail about it at bugs@pcworld.com.


