In a recent column I reported that SSL, which safeguards your personal data on the web, has been hackable in Internet Explorer ever since version 5.0, released in 1999 (see IE's lock-down flaw).
I wrote then that, because IE -- unlike Netscape and some other browsers -- relies on SSL routines found in the OS, every version of Windows would require a different patch.
To its credit, Microsoft posted between September 4 and 9 a whole series of corrective updates for Windows 98, Me, NT, 2000 and XP. These should be applied immediately by all users, and e-commerce sites should alert customers to this fact. Details of the problem -- and links to the version-specific patches -- are here.
That should solve IE's weakness. But as explained in the above document's Caveats section, look for revised patches soon. These will fix a glitch that prevents the installation of some hardware signed with a Microsoft digital certificate.
Besides patching Windows, you must also download and apply fixes if you use Mac versions of Microsoft Office, Outlook Express and IE.
In another recent column I wrote that many companies are upset about new licence language in SP3 (service pack 3) for Windows 2000. The new terms give Microsoft the right to make silent OS changes "that will be automatically downloaded to your computer" (see Sneaky service packs).
Windows 2000 doesn't auto-download all that much yet. But people are also mad as hell about routine SP3 changes which they clicked OK to.
Echoing readers' cries that I previously printed, Howard Plumley writes, "SP3 upgrades the Windows Installer to version 2.0.2600.1. This is incompatible with Data1.msi on the MS Office CD. I cannot add users because they can't run Office. I can't patch Office because of the requirement to insert the CD to apply patches."
Microsoft already knows about many problems like these, and there are work-arounds. Explanations of this and other SP3 headaches -- and links to Microsoft's prescriptions -- are available here and here.
How far does Windows XP go? The new licence language in Windows XP's SP1, released to the public on September 9, differs from the beta service pack that I discussed previously.
The final text now says you authorise SP1 to install on your computer "technological measures that are designed to prevent unlicensed use". I'm all for stopping mass pirating, but so many questions have been raised about these "measures" that I'll dissect them in detail next week.