Microsoft makes some good products, but they continue to be embarassed by holes in their software that, under the scrutiny of thousands of hackers, can be exploited to compromise your PC. The most recent vulnerability is extremely critical, because your PC can be compromised simply by visiting a malicious website, or opening an attachment on a malicious email. Because it exploits a system library that has been a part of Windows since Windows 3.0, it may also be the single largest computer security threat – ever. There have also been reports that receiving certain malicious instant messages can cause a security breach as well.
To protect yourself until a patch is released, visit only web sites that you trust, and open emails only from people who you trust. Be especially cautious about any WMF image files. If you don’t want to wait for Microsoft, there is an unofficial patch that can protect you that is available from the Internet Storm Center here: http://handlers.sans.org/tliston/WMFHotfix-1.1.14.msi