nCircle

Microsoft on Tuesday released two security bulletins to fix eight bugs in its Windows and Microsoft Office software. Both bulletins are rated important, but analysts said many of the vulnerabilities could potentially be more severe if exploited.

Joshua Talbot, security intelligence manager at Symantec Security Response, is concerned that in many enterprise environments, Windows XP is still common, and these vulnerabilities are more serious on XP and older systems.

Microsoft on Tuesday patched 26 vulnerabilities in 13 security bulletins. Eleven bulletins affect Windows and two affect older versions of Microsoft Office.

Although there's plenty of attention to a critical vulnerability in DirectShow, the SMB pathname overflow vulnerability tops Joshua Talbot's list this month. Talbot is a security intelligence manager at Symantec Security Response.

Google might think Chinese censorship of the Internet is unacceptable, but Bill Gates says it's not that bad. In an interview with George Stephanopoulos on ABC's Good Morning America, Gates called China's attempts to censor the Internet "very limited," and said its controls are not much different than other countries' policies.

On Tuesday, Google revealed cyberattacks against it and other U.S. companies. Within two days, security researchers had traced one of the open doors back to Internet Explorer. Microsoft has admitted that a remote code execution (RCE) vulnerability exists in IE.

"Based upon our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks," said Mike Reavy, Microsoft Security Response Center director.

Microsoft issued a single security bulletin that addressed just one vulnerability on Tuesday. However, Microsoft rated the vulnerability as critical. Meanwhile, Oracle and Adobe put out patches of their own, making it a busy week for IT administrators.

The cracking of GSM encryption by 28-year-old German security expert Karsten Nohl has sent shock waves through the wireless industry. But the crack should come as no surprise to an industry that has long given short shrift to security, an analyst says.

Nohl -- working with others around the Internet -- has created a guidebook for cracking the Global System for Mobile communication's 64-bit A5/1 algorithm, which was adopted in 1988. 3G networks use 128-bit encryption to protect caller privacy and the new A5/3 algorithm is being "phased in," GSM Association spokesperson Claire Cranton said.

Another Patch Tuesday, another batch of fixes for critical issues. In December's cycle, Microsoft issued six security bulletins that address 12 vulnerabilities, seven rated as critical. Five of those critical updates fix issues in Internet Explorer that could be used in drive-by attacks.

After a record-breaking October, IT administrators are welcoming a relatively light Patch Tuesday this month. But security researchers said there are serious issues that need to be addressed quickly.

Of the six patches Microsoft released Tuesday, three are critical. The three critical fixes focus on bugs in several versions of Windows, but Windows 7 is apparently immune. There are also three updates rated important that IT administrators need to deploy.

While IT administrators around the world had their hands full planning to implement the largest-ever set of patches from Microsoft on Tuesday, another software maker quietly rolled out a massive fix of its own.

On what will go down in IT admin history as a day of headaches, Adobe Systems rolled out updates for Acrobat and Reader on Tuesday. The updates address 29 critical security vulnerabilities for the PDF applications, which are used across business and consumer PCs around the world.

Microsoft on Tuesday issued nine security updates to patch 19 vulnerabilities. The bugs affect a wide range of Microsoft products, including Windows, Outlook Express, Windows Media Player, Office and Internet Information Server (IIS).