News

• Google patches Chrome second time this month

  Google patched 10 vulnerabilities in Chrome this week, including one pegged critical on the Mac.

• Microsoft smacks patch-blocking rootkit second time

  For the second month in a row, Microsoft has tried to eradicate a mutating rootkit that has blocked some Windows users from installing security updates.

• Google patches Chrome for second time this month

  Google patched three vulnerabilities in the Windows version of Chrome earlier in the week, marking the second time that it's plugged security holes this month.

• McAfee offers security review to compensate companies for bad update

  McAfee today announced it would offer business customers affected by last week's flawed update a free one-year subscription to its automated security assessment service.

• After attacks, Oracle patches Java bug

  One week after a critical bug was made public, Oracle has patched its Java virtual machine to fix an exploit that could be used to sneak malicious software onto a computer.

• Microsoft slates 25-patch Windows update for next week

  Microsoft today said it would deliver 11 security updates next week to patch 25 vulnerabilities in Windows, Office and Exchange.

• Adobe issues emergency PDF patches

  Adobe today released an emergency update that patched a pair of critical vulnerabilities in its popular PDF viewing and editing software.

• Adobe to rush out another critical Reader patch

  Just weeks after patching a critical flaw, Adobe Systems is rushing out another patch for its Reader and Acrobat software. The company also patched a critical issue in Flash Player Thursday.

• Microsoft delivers huge Windows security update

  For the second time in the last four months, Microsoft today shipped a record 13 security updates that patched dozens of vulnerabilities in Windows.

• Microsoft slates colossal Windows patch next week

  Microsoft today said it will deliver a record-tying 13 security updates on Tuesday to patch more than two dozen vulnerabilities in Windows and Office.

• Microsofts plugs IE hole, urges upgrade

  Microsoft has issued an out-of-band security patch to fix the much-publicised vulnerability affecting older versions of Internet Explorer.

• Skip Microsoft's critical patch, focus on Adobe's, experts urge

  Microsoft today issued just one security update for Windows, the lowest number on a Patch Tuesday since January 2009.

• Oracle critical patch update includes 24 fixes

  Oracle on Tuesday will release a patch update that includes 24 security fixes for its database, application server and other products.

• Bugs and fixes: zero-day patch for Internet Explorer 6 or 7

  A dangerous vulnerability in Internet Explorer 6 and 7 became publicly known before a fix was available, raising the specter of a high-risk zero-day attack. The bug involves the way IE handles Cascading Style Sheets (CSS) objects, and could let an attacker run any command on a targeted Windows XP, Vista, Server 2003, or Server 2008 PC. Bad guys have already posted sample attack code online. IE 8 is not affected. For more information, see Microsoft Security Advisory 977981.Meanwhile, a bug in the way Windows handles Embedded OpenType could allow a baddie to take over vulnerable Windows XP, 2000, or Server 2003 computers via malicious Websites or poisoned Office documents. The bug can't harm Vista or Server 2008, and doesn't affect Windows 7. Read Microsoft Security Bulletin MS09-065 for details.

• After code is released, Adobe Illustrator fix due Jan 8

  Nearly a week after an unidentified hacker posted attack code that exploits a flaw in Adobe's Illustrator software, the company says it will fix the issue by Jan. 8.