Andrew Storms

Microsoft on Tuesday released two security bulletins to fix eight bugs in its Windows and Microsoft Office software. Both bulletins are rated important, but analysts said many of the vulnerabilities could potentially be more severe if exploited.

Joshua Talbot, security intelligence manager at Symantec Security Response, is concerned that in many enterprise environments, Windows XP is still common, and these vulnerabilities are more serious on XP and older systems.

Google might think Chinese censorship of the Internet is unacceptable, but Bill Gates says it's not that bad. In an interview with George Stephanopoulos on ABC's Good Morning America, Gates called China's attempts to censor the Internet "very limited," and said its controls are not much different than other countries' policies.

Just when you thought it was safe to go back into the Internet Explorer browser waters, a new threat has emerged despite Microsoft's speedy out-of-band security patch. Symantec has confirmed a new exploit for the security hole used in the recent high-profile attacks against Google and other companies. The new exploit is in the wild and IT administrators who haven't applied Thursday's emergency patch are at risk.

The new threat is not the same Trojan.Hydraq malware that was used in the recent attacks against Google.

On Tuesday, Google revealed cyberattacks against it and other U.S. companies. Within two days, security researchers had traced one of the open doors back to Internet Explorer. Microsoft has admitted that a remote code execution (RCE) vulnerability exists in IE.

"Based upon our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks," said Mike Reavy, Microsoft Security Response Center director.

The cracking of GSM encryption by 28-year-old German security expert Karsten Nohl has sent shock waves through the wireless industry. But the crack should come as no surprise to an industry that has long given short shrift to security, an analyst says.

Nohl -- working with others around the Internet -- has created a guidebook for cracking the Global System for Mobile Communications' 64-bit A5/1 algorithm, which was adopted in 1988. 3G networks use 128-bit encryption to protect caller privacy, and the new A5/3 algorithm is being "phased in," GSM Association spokesperson Claire Cranton said.

Another Patch Tuesday, another batch of fixes for critical issues. In December's cycle, Microsoft issued six security bulletins that address 12 vulnerabilities, seven rated as critical. Five of those critical updates fix issues in Internet Explorer that could be used in drive-by attacks.

Google has announced a public DNS system designed to improve the Internet's performance and security. Google Public DNS is a free, global Domain Name System resolution service.

Internet security and climate change had a surprising run-in last week, as thousands of emails from the University of East Anglia's Climate Research Unit wound up on climate-skeptic web sites. The University says it is cooperating with police and launching its own investigation into how the emails wound up online.

After a record-breaking October, IT administrators are welcoming a relatively light Patch Tuesday this month. But security researchers said there are serious issues that need to be addressed quickly.

Of the six patches Microsoft released Tuesday, three are critical. The three critical fixes focus on bugs in several versions of Windows, but Windows 7 is apparently immune. There are also three updates rated important that IT administrators need to deploy.

While IT administrators around the world had their hands full planning to implement the largest-ever set of patches from Microsoft on Tuesday, another software maker quietly rolled out a massive fix of its own.

On what will go down in IT admin history as a day of headaches, Adobe Systems rolled out updates for Acrobat and Reader on Tuesday. The updates address 29 critical security vulnerabilities for the PDF applications, which are used across business and consumer PCs around the world.