Browser Security News

Microsoft Corp. today issued free software updates to plug at least 10 security holes in its Windows operating system and other software. Windows users can download the patches directly from Microsoft Update or by using the Windows Automatic Updates feature. Probably the most important patch in the January batch is a fix for a Windows flaw that Microsoft said is being actively exploited by bad guys, who can use it to break into vulnerable computers just by tricking a Windows user into merely visiting a malicious Web site or opening a specially crafted e-mail.

The bug, resident in Microsoft’s implementation of a computer graphics rendering language known as "VML," exists in fully patched Windows XP computers and is similar in nature to a flaw that forced the company to issue an emergency update last fall outside of its normal second-Tuesday-of-the-month patch cycle. In fact, according to data compiled by Security Fix, Microsoft devised a patch for last September’s VML flaw just eight days after it became clear bad guys were exploiting it.

In addition to the VML patch, Microsoft today pushed out three updates to fix problems in its Office suite. Microsoft Plugs Ten Security Holes - Security Fix