Bugs and Fixes

Contributing Editor Stuart J. Johnston advises you on how to fix the latest problems affecting your operating system, your browser, your other software, and your hardware.

Bugs and Fixes |

Zap Zero-Day IE Attack Before It Zaps You

I feel some nostalgia as I write this column because, after penning Bugs & Fixes for eight and a half years--102 columns total--it's time for me to sign off. I've immensely enjoyed writing for you through all those years, and I'm grateful that PC World gave me the opportunity to do so.

I've always had two goals in mind: helping you ward off current threats, and providing useful information about how security holes and attacks on them work, so you'll be better prepared to deal with future problems. I hope that I have fulfilled at least the spirit of those goals. Now, as my dad back in Montana used to say: "nuff said."

Read more...

Bugs and Fixes |

Microsoft Defeats a Seven-Year-Old Bug

Microsoft recently released two new patches, one of which fixes a security hole that the company has been trying to plug since 2001. Amazingly, no one exploited the hole during those seven years.

Previous patches had mitigated the problem, so Microsoft rated its severity level as Important, the second-highest rating on the company's four-tier scale.

Read more...

Bugs and Fixes |

Worm Risk Spurs Critical Microsoft Patch

A scary security flaw that would allow malicious worms to infect one PC and then automatically jump to others prompted Microsoft to release a rare out-of-cycle patch in October. The glitch is critical for both 32-bit and 64-bit versions of Windows XP and Windows Server 2003, and for Windows Server 2000. Microsoft says that targeted attacks exploited the hole prior to the patch's release, and that "detailed exploit code" is currently available online.

This marks the first time since April 2007 that Microsoft has released a fix outside of its normal Patch Tuesday cycle; it was sparked by lessons learned from worm epidemics like Blaster and Slammer, which cost users billions of dollars to disinfect in 2003.

Read more...

Bugs and Fixes |

iTunes 8 to Vista: Give Me a B, an S, an OD

Apple's hugely popular devices may have become gold standards, but recent glitches in the new iTunes 8 bring an unwelcome blast from the past to Microsoft's latest operating system. Connect an iPhone or iPod, and some Vista PCs either crash with the dreaded Blue Screen of Death or spontaneously restart.

Apple says the problem can have more than one cause, and the company hasn't yet promised a patch. But if you're suffering from this unhappy pairing, Apple suggests a few options, including reinstalling iTunes 8, updating old device drivers, and checking for address conflicts between USB devices. For details, including which iPod models can have trouble (all iPhones do), head to Apple's support page.

Read more...

Bugs and Fixes |

Just What Color Is a Security Hole?

Illustration: Harry Campbell
Computer attacks in space are no longer the stuff of science fiction: Recently, laptops on the International Space Station turned out to have computer viruses. NASA believes that the malware--a password stealer that targets online games--may have infected the laptops via a USB thumb drive that one of the astronauts carried aboard. While it wasn't much of a threat, it just goes to show that the little buggers are everywhere.

One flaw in the largely forgotten Windows Image Color Management (ICM) system allows a villain to take over your PC if you view a tainted image displayed on a Web page or embedded in an Office document or e-mail. This is one of 19 holes for which Microsoft issued six "critical" patches; attackers could use them for their malicious creations (no booster rocket required). Though ICM (meant to ensure that colors display correctly on different devices) never caught on, the insecure code still resides in Windows 2000 Service Pack 4 (SP4) through XP SP3 and Windows Server 2003. Vista users are safe.

Read more...

Bugs and Fixes |

Firefox 3 Breaks Records, Then Itself

Illustration: Harry Campbell
Mozilla's Firefox 3, upon its recent release, set a new record for browser downloads in a single day: more than 8 million copies in just 24 hours. So it's no surprise that these days hackers are spending more time hunting for Firefox holes.

Mozilla issued updates to patch two security holes in both Firefox 2 and 3. The first fix blocks a malicious attack program from crashing Firefox by sending more pipe (the vertical line, or "|") characters than the browser can handle. The second vulnerability involves a similar overflow attack risk.

Read more...

Bugs and Fixes |

Ward Off an Ongoing PDF Zero-Day Attack

Illustration: Harry Campbell
These days, the makers of popular software may as well put big bull's-eyes on their products. When nearly everyone uses a particular program, a security hole in that application instantly creates a huge pool of targets for online crooks.

Here's an example: This month Adobe closed a hole in its Acrobat and Reader programs even as they were already under attack--a true zero-day scenario.

Read more...

Bugs and Fixes |

Microsoft's Jet Engine Sputters

Illustration: Harry Campbell
You won't hear it screaming through the skies or crashing on the tarmac, but a busted 'Jet' engine may be lurking in your Windows computer.

This Jet is a database engine in Windows XP, Vista, and 2000 for use by other programs that you might install, such as Office. It's normally behind the scenes, but a recent zero-day security bug--one that was actively attacked before there was a fix--let the bad guys take over vulnerable PCs by targeting a Jet flaw. XP SP2 and Windows 2000 SP4 (and earlier) are at risk; Vista and XP SP3 are safe.

Read more...

Bugs and Fixes |

Install Windows XP SP3 Right

Still on Windows XP? Me too. So we'll both want to be sure to install Windows XP Service Pack 3 (SP3), which should be available from Microsoft by the time you read this.

SP3 will come via Automatic Updates, and like most service packs, it focuses on must-have bug fixes. Unlike SP2, which included big changes with the Windows Security Center, this third pack adds new functionality only for enterprise networks.

Read more...

Bugs and Fixes |

Hackers Focus Efforts on Firefox, Safari

Many people are switching from Internet Explorer to alternative browsers such as Firefox and Safari. Though that might make them feel more secure, the shift has also opened new doors for bad guys.

Case in point: We have no IE bugs to report this month, but both Firefox and Safari have been hit hard.

Read more...

Bugs and Fixes |

Vista Service Pack 1: 573 Fixes in Limbo

Illustration: Harry Campbell
Service Pack 1 for Windows Vista is (almost) ready for prime time. SP1 contains a whopping 573 bug fixes and patches that have accumulated since Vista first shipped in early 2007, plus some performance improvements. I advise you to get it--but only after the wrinkles are ironed out.

Microsoft says a few programs, including The New York Times Reader and Zone Alarm 7.1 security suite, can't start or work properly with Vista SP1. Most affected companies now have updates to fix the problem.

Read more...

Bugs and Fixes |

Rogue Packets Stalk Windows Vista, XP

Just in time for spring, Microsoft has been busy tending to a new swarm of bugs, including a critical hole in Windows Vista and XP that could expose you to an early-season bite without your doing anything other than being online.

In an attack, a cracker could broadcast rogue TCP/IP packets to a range of addresses on the Internet, possibly including your PC's. Sounds all too common, right? These rogue packets, however, are designed to trick their way past Windows' security and hijack your PC, making your machine part of a botnet for sending out spam--or worse, a self-copying worm.

Read more...
