Microsoft Corp. today issued patches to mend at least nine separate vulnerabilities in its Windows 
operating systems and other software, including three security holes that criminal hackers already are exploiting. As always, users can download and install the patches via Microsoft Update or through the company’s Automatic Updates service.
The new patches fix at least three vulnerabilities in Internet Explorer that hackers could use to install malicious software just by getting victims to visit a specially crafted Web site. One of the IE problems also is exploitable if a recipient merely views a tainted HTML message in an e-mail preview pane. Microsoft said the IE flaws are far less of a problem on Windows Server 2003 systems and for users of IE7, as the default security settings on those systems won’t allow exploitation of the flaws. Microsoft Patches 9 Security Holes - Security Fix
From around the Web
- Windows Vista Service Pack 2 Latest Release Schedule
- Vista SP2: What is inside?
- NetWitness releases free version of security software
- Three Reasons Why Users Won’t Buy Into Security
- Automated security testing & its limitations
- Google Wants to Preinstall Chrome Browser on PCs
- Mozilla warns of Firefox China add on
- Firefox No Longer an Automatic Defense Against Browser Drive Bys
- Google patches Chrome file stealing bug
- Apple plays catch up, adds anti fraud safeguard to Safari
- Researchers find vulnerability in Windows Vista
- How to Use Network Behavior Analysis Tools
- The insider security threat in IT and financial services
- Windows 7 security: An overall improvement?
- Windows 7 UAC could be less of a nag