Alfred Huger

In a notable Patch Tuesday, Microsoft issued a single security bulletin to address 14 vulnerabilities, 11 of them rated critical. All of this month's patches relate to various versions of Microsoft PowerPoint.

May's Patch Tuesday is only the fourth time in four years Microsoft has issued just one security bulletin, but that one bulletin addresses the most vulnerabilities of any release in Microsoft history.

One economy apparently isn't hurting these days -- the one run by identity thieves in the dark corners of the Internet.

Demand and prices remain stable for stolen credit cards, Social Security numbers and other private information, according to a new study by security software maker Symantec Corp.

Meanwhile, the supply of such data is steady too, thanks to the way the recession has inspired new scams targeting people who are worried about work and their finances, according to the Symantec report and another study from Gartner Inc. that was due to be released Tuesday.

Microsoft on Tuesday issued three security bulletins that address a total of eight vulnerabilities, one of them rated critical. Two are rated important.

"This month's critical vulnerability affects the Windows kernel and can allow an attacker to gain complete control of a user's machine simply by the user viewing a Web site infected with a malicious .WMF or .EMF picture file," said Alfred Huger, vice president of development at Symantec Security Response.

Microsoft released critical fixes on Patch Tuesday for vulnerabilities that could leave the door open for worms that wreak havoc on business networks. In all, Microsoft released one security bulletin that addresses three vulnerabilities, two of them rated critical.

Microsoft released critical fixes on Patch Tuesday for vulnerabilities that could leave the door open for worms that wreak havoc on business networks. In all, Microsoft released one security bulletin that addresses three vulnerabilities, two of them rated critical.

Microsoft on Tuesday patched four vulnerabilities in two security updates for Windows and Microsoft Office. Compared to recent Patch Tuesdays, November is a light month and Microsoft did some housecleaning by fixing a critical bug disclosed nearly two years ago.

MS08-069 is the most serious of the November updates, fixing three individual flaws in Microsoft XML Core Services. This vulnerability went public more than 22 months ago. The other update, MS-08-068, is rated important and fixes a flaw in the Server Message Block (SMB) protocol.

Consumers who use search engines, online social networks, browsers and the like face a gantlet of viruses and malicious software code, according to a cybersecurity report from Symantec, issued Tuesday as security experts gather here for the sprawling RSA Conference on tech security.

The repercussions go beyond the loss of personal data, security experts say. As more consumers are victimized, it could undercut their confidence in legitimate Web sites, says Billy Hoffman, manager of Hewlett-Packard Security Labs.

Fierce competition among identity thieves has driven the prices for stolen data down to bargain-basement levels, which has forced crooks to adopt mainstream business tactics to lure customers, according to a new report on Internet security threats.

Credit card numbers were selling for as little as 40 cents each and access to a bank account was going for $10 in the second half of 2007, according to the latest twice-yearly Internet Security Threat Report from Symantec Corp. released Tuesday.