patches

Microsoft pulls faulty patch, plans re-release

A critical vulnerability affecting Microsoft Windows 2000 Server running Windows Media Services will remain unfixed until Microsoft re-releases a patch for it, the company said on Friday.

A patch for the hole, which could allow an attacker to take control of a system, was released during Patch Tuesday last week. However, Microsoft pulled the patch this week because it failed to work.

"Shortly after we released the update we received several reports that it did not protect against the vulnerability reported to us. At that time, we pulled the update and notified customers," Jerry Bryant, group manager of …

Microsoft, Adobe, Oracle offer fixes in big Patch Tuesday

Microsoft fixed 25 holes on Tuesday, including critical ones for Windows that could be triggered by browsing to a malicious Web page, while Adobe plugged 15 holes in Reader and Acrobat and launched its new updater service.

Oracle also released its own critical patch update, covering nearly 50 new vulnerability fixes across hundreds of its products, on what was turning out to be an uber Patch Tuesday.

Microsoft said customers should deploy all 11 of its security updates, which include five that are critical, as soon as possible. However, three were listed as top priorities:

• MS10-019, which affects all versions of Windows and would allow an attacker to alter signed executable content without invalidating the signature

• MS10-026, which is critical on Windows 2000, XP, Server 2003 and Server 2008, and could allow an attacker to take complete control if a victim were to open a malicious AVI (Audio Video Interleave) file or had it stream from a Web site

• MS10-027, which affects Windows 2000 and XP users and could be triggered if they visited a malicious Web page, according to its bulletin summary. …

Microsoft to fix 25 holes in Windows, Office, Exchange

Microsoft will issue 11 security bulletins in next week's Patch Tuesday to fix 25 vulnerabilities in Windows, Microsoft Office, and Exchange, including two holes for which exploit code is in the wild.

Five of the bulletins address critical vulnerabilities that could allow an attacker to take control of the computer, five are rated important, and one is rated moderate.

With the updates, Microsoft will be closing two outstanding security advisories that have been worrisome because code to exploit the vulnerabilities is available publicly.

One of the advisories is 981169, which involves a vulnerability in VBScript that could allow the …

Adobe to launch updater service next week

Adobe will release its latest security updates for Reader and Acrobat on Tuesday via a new update system it has been testing the past six months, the company said on Thursday.

The Adobe updates will coincide with April's Patch Tuesday during which Microsoft will fix 25 vulnerabilities, including two for which exploit code has been released in the wild.

On Tuesday, Adobe will activate its updater technology for all users of Adobe Reader and Acrobat and use it to deliver the updates to resolve critical security issues, details of which were not disclosed in its security advisory.

The updates …

Turn off Windows automatic updates

Windows automatic updates are a good thing. They keep your system patched, so you should probably leave the updater on. However, they can be annoying. The updater is always prompting you, or even automatically rebooting your system when you walk away for a moment. I'll show you how to turn off the automatic updates, only if you promise to manually keep up with the patches! We don't need another zombie-Windows-machine botnet out there.

Go to Windows Update by clicking the Start button, choosing All Programs, and then clicking Windows Update.

On the left side of the panel, click …

Microsoft issues emergency patch for 10 IE holes

Microsoft issued an emergency security update on Tuesday to plug 10 holes in Internet Explorer, including a critical vulnerability that has been exploited in attacks in the wild.

The cumulative update, which Microsoft announced on Monday, resolves nine privately reported flaws and one that was publicly disclosed. The most severe vulnerabilities could lead to remote code execution and a complete takeover of the computer if a user were to view a malicious Web site using IE, Microsoft said in the bulletin summary.

Users of IE8 and Windows 7 are not vulnerable to the flaw being used in specific attacks, according …

Microsoft rushes to patch zero-day IE hole

Microsoft will release an emergency update on Tuesday for Internet Explorer that fixes nine vulnerabilities, including one that has been exploited in attacks on IE6 and IE7 systems, the company said on Monday.

Microsoft warned of the attacks three weeks ago, releasing Security Advisory 981374 during its most recent Patch Tuesday.

The zero-day IE hole could allow an attacker to take control of a machine if a user visited a malicious Web site. Users of IE8 and Windows 7 are not vulnerable to that particular flaw, Microsoft said in its bulletin notification. However, all current versions of Windows are listed …

Microsoft races to plug IE hole after exploit code released

Microsoft said on Friday it is testing a patch to fix a new hole in Internet Explorer 6 and IE 7 following the release of exploit code on the Internet.

With the announcement it seems increasingly likely that the company will be issuing a patch for the hole before the next Patch Tuesday in about four weeks, if the testing of the patch goes quickly.

Microsoft warned about the hole, which it said was being targeted in attacks and could allow an attacker to take control of a computer, in an advisory on Tuesday. The next day, Israeli researcher Moshe …

Microsoft warns of zero-day IE hole on Patch Tuesday

Microsoft warned of a new vulnerability in Internet Explorer 6 and IE 7 that has been targeted in attacks, and released fixes for eight holes in Windows and Office as part of Patch Tuesday.

The company issued Security Advisory 981374, which addresses a privately disclosed vulnerability. The hole could allow an attacker to take control of a machine if a user visited a malicious Web site, Microsoft said.

There are some features that could mitigate the effects of an attack. For instance, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the …

Microsoft to fix eight Windows and Office holes

Microsoft will issue two bulletins fixing eight vulnerabilities rated "important" in Windows and Microsoft Office products on Tuesday, the company announced on Thursday.

This represents a light Patch Tuesday, a contrast to last month when the company patched 26 holes with 13 bulletins, including critical vulnerabilities for Windows.

Meanwhile, Microsoft is continuing to monitor the situation with a VBScript vulnerability that was disclosed on Monday, Jerry Bryant, senior security communications manager lead at the company, wrote in a blog post.

Proof-of-concept code has been published on the Internet that exploits that vulnerability, which affects older Windows systems running …