A critical flaw has been discovered in Norton Personal Firewall, prompting a suggested upgrade from Symantec. Newer versions of the software are not affected, only Norton Internet Security 2004 and NPF 2004, making it very late to the game indeed. The flaw involves ActiveX, and can ultimately result in system compromise. While it would be strange indeed to find a machine so out of date, they are out there and often expired subscriptions are never fixed, resulting in a vulnerable machine.

Symantec released the security notice last week. The updates for it are available via LiveUpdate. Anyone running versions 2005 or later are unaffected.