The Security Mentor

Don't waste any time getting Microsoft's newest security fixes. It's "Windows Update" on the Start menu. Today's set is important because Microsoft reportedly has evidence that bad guys are attacking through one of the flaws that Microsoft fixed.

In the meantime, you're at risk from

• Opening a maliciously built Word document
• Opening a picture of just about any sort
• Visiting the wrong web page

It's the last one that bad guys are exploiting now.
UPDATE 7-13: Microsoft now says that both of the Windows problems are in use in the wild for real attacks. For the Word problem, Windows Update doesn't help, you need to update Office separately at http://office.microsoft.com/en-us/officeupdate/default.aspx. Once you get the updates, you'll discover that they won't install unless you put in your original Office CD (or reconnect to the network location where your company put it. This doesn't apply to you if you're at a large company, which will have a way of managing installations that avoids the problem of needing the original installation source).

This isn't the kind of problem that firewalls help with, and even if your antivirus software begins looking for attacks on these weak points, by the time it does that you should already have updated Windows.