director of security operations

Microsoft on Tuesday released two security bulletins to fix eight bugs in its Windows and Microsoft Office software. Both bulletins are rated important, but analysts said many of the vulnerabilities could potentially be more severe if exploited.

Joshua Talbot, security intelligence manager at Symantec Security Response, is concerned that in many enterprise environments, Windows XP is still common, and these vulnerabilities are more serious on XP and older systems.

Microsoft on Tuesday patched 26 vulnerabilities in 13 security bulletins. Eleven bulletins affect Windows and two affect older versions of Microsoft Office.

Although there's plenty of attention to a critical vulnerability in DirectShow, the SMB pathname overflow vulnerability tops Joshua Talbot's list this month. Talbot is a security intelligence manager at Symantec Security Response.

Google might think Chinese censorship of the Internet is unacceptable, but Bill Gates says it's not that bad. In an interview with George Stephanopoulos on ABC's Good Morning America, Gates called China's attempts to censor the Internet "very limited," and said its controls are not much different than other countries' policies.

Just when you thought it was safe to go back into the Internet Explorer browser waters, a new threat has emerged despite Microsoft's speedy out-of-band security patch. Symantec has confirmed a new exploit for the security hole used in the recent high-profile attacks against Google and other companies. The new exploit is in the wild and IT administrators who haven't applied Thursday's emergency patch are at risk.

The new threat is not the same Trojan.Hydraq malware that was used in the recent attacks against Google.

On Tuesday, Google revealed cyberattacks against it and other U.S. companies. Within two days, security researchers had traced one of the open doors back to Internet Explorer. Microsoft has admitted that a remote code execution (RCE) vulnerability exists in IE.

"Based upon our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks," said Mike Reavy, Microsoft Security Response Center director.

Microsoft issued a single security bulletin that addressed just one vulnerability on Tuesday. However, Microsoft rated the vulnerability as critical. Meanwhile, Oracle and Adobe put out patches of their own, making it a busy week for IT administrators.

The cracking of GSM encryption by 28-year-old German security expert Karsten Nohl has sent shock waves through the wireless industry. But the crack should come as no surprise to an industry that has long given short shrift to security, an analyst says.

Nohl -- working with others around the Internet -- has created a guidebook for cracking the Global System for Mobile Communications' 64-bit A5/1 algorithm, which was adopted in 1988. 3G networks use 128-bit encryption to protect caller privacy and the new A5/3 algorithm is being "phased in," GSM Association spokesperson Claire Cranton said.

Another Patch Tuesday, another batch of fixes for critical issues. In December's cycle, Microsoft issued six security bulletins that address 12 vulnerabilities, seven rated as critical. Five of those critical updates fix issues in Internet Explorer that could be used in drive-by attacks.

Google has announced a public DNS system designed to improve the Internet's performance and security. Google Public DNS is a free, global Domain Name System resolution service.

Internet security and climate change had a surprising run-in last week, as thousands of emails from the University of East Anglia's Climate Research Unit wound up on climate-skeptic web sites. The University says it is cooperating with police and launching its own investigation into how the emails wound up online.