Bugs surfacing in recent weeks include Windows vulnerabilities that could allow bad guys to enter your computer, as well as flaws in Adobe Shockwave Player and Photoshop that could permit attackers to run malicious code and possibly commandeer your system.

The Patch Tuesday fix that Microsoft released on May 11 includes two critical updates. The first addresses a vulnerability in Outlook Express and Windows Mail that could allow remote execution (that is, attackers could do whatever they want with your PC) if you visit a malicious e-mail server. This update is rated critical for Outlook Express on all supported editions of Windows 2000, XP, and Server 2003, and for Windows Mail on all supported editions of Windows Vista and Server 2008. See Microsoft's security bulletin for the full details.

The second update corrects a flaw in Visual Basic for Applications that "could allow remote code execution if a host application opens and passes a specially crafted file to the Visual Basic for Applications runtime." If you logged in as an administrator on your PC, attackers could potentially take control of your system, install programs, and view, change, or delete data. Microsoft says this critical update applies to all supported versions of Visual Basic for Applications and to any program that uses it. The update is also important for all supported editions of Microsoft Office XP, 2003, and 2007.

Microsoft recommends that users acquire both of these updates. If you do not have automatic updating turned on, the company suggests downloading these critical updates manually. You can do so by going to Control Panel, selecting the Windows Update icon, and then clicking Check for Updates. You can learn more about the flaws--and download patches manually.