Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.
Microsoft is now issuing a replacement patch for a fix that was shelved two weeks ago after customers reported problems once they had installed it.
An improved notification system will help protect users from running risky applications from untrusted sources.
The software giant said applying the update could prevent machines and applications from properly restarting and loading.
The biggies are two vulnerabilities in Internet Explorer and a single weakness in Remote Desktop Connection.
The software giant expects to distribute eight other fixes to correct vulnerabilities in Windows, Office, Server Software and Security Software.
The vulnerability allows anyone with "casual physical access, such as a custodian sweeping your office at night or a security guard making his rounds" to plug in a USB device and become an administrator, according to Microsoft.
They address flaws in Internet Explorer (IE), Windows, Office, Server Software and Silverlight.
Adobe this week released an update to its Flash Player to close three vulnerabilities, two of which are under active attack.
Adobe on Wednesday made available a security update to its Reader and Acrobat software to close two vulnerabilities that are under active attack.
One security bulletin fixes 13 flaws that could allow an attacker to remotely execute code in several versions of IE.
The software company has updated its ubiquitous Flash software because of two pressing zero-day vulnerabilities.
The software giant expects to release a dozen patches on Tuesday, but all eyes are on two bulletins that address security flaws in Internet Explorer.
Milton Smith, Java's security lead, said Oracle will focus on browser-based Java attacks, the largest threat for users.
Oracle on Tuesday shipped its quarterly security update to close 86 vulnerabilities across its product line.
Responding to a widening outbreak of Java malware, Oracle on Sunday dispensed an urgent fix for the latest version of the software platform.
The software giant is taking the rare step of issuing an out-of-cycle patch for a dangerous IE bug that is being used in ongoing spy attacks.
A majority of the bugs patched in the latest version of Mozilla's web browser were deemed "critical."
But a researcher said the fix is not adequate and can be evaded by tweaking the malicious code. Meanwhile, it's unclear if the bug is related to a wave of Yahoo account takeovers affecting users in recent days.
Adobe also plans to patch its Reader and Acrobat products on Tuesday.
This month's news briefs include President Obama issuing guidance for the information security threat posed by insiders, charges in the Butterfly botnet case and the hack of an AT&T website, and other security news.
Online advertisements are stretched across websites, carefully placed beside content and at times pop out of nowhere to steal one's attention. We can run from them, but we certainly can't hide.
When you consider how many stakeholders are invested in Microsoft's Patch Tuesday, it's no wonder the monthly affair stirs up so much energy in the cyber world.
IT administrators will scramble amid the holiday chaos to update their systems with the latest patches. So far, no exploits have been seen, but that could change now that the fixes are out.
Microsoft next week is scheduled to release seven patches to cover 11 security vulnerabilities, the software giant announced Thursday.
Mozilla has packaged fixes for nearly 30 security vulnerabilities into the latest version of its web browser, Firefox 17.
First divulged in a Russian online community, a Skype password reset vulnerability could have given attackers the ability to run amuck in users' Skype accounts.
Microsoft deemed two of the four "critical" patches to be the highest priority. One provides a cumulative update for Internet Explorer 9, the other addresses three TrueType font vulnerabilities.
Microsoft released an advance notification highlighting six fixes that will be part of its Patch Tuesday cycle.
The scheduled patch addresses seven "critical" flaws that could allow attackers to take over affected systems.