PuTTY has fixed a vulnerability that could allow malware to read your SSH passwords from memory:

When PuTTY has sensitive data in memory and has no further need for it, it should wipe the data out of its memory, in case malware later gains access to the PuTTY process or the memory is swapped out to disk or written into a crash dump file. An obvious example of this is the password typed during SSH login; other examples include obsolete session keys, public-key passphrases, and the private halves of public keys.

The bug existed from PuTTY 0.59 to 0.61 inclusive. Vulnerability report and download page.