Microsoft, Oracle and Adobe all patched critical issues on what has now become the traditional day for updates, the second Tuesday of the month.
While Microsoft shuttered a single issue in the Embedded OpenType Font Engine, which affects all versions of Windows but is only rated Critical for Windows 2000, Oracle patched two dozen security issues affecting hundreds of products and Adobe closed eight flaws in its popular Adobe Reader and Acrobat products. The vulnerabilities closed by Adobe included an issue that the company warned is currently being used in attacks.
"It was a light month in terms of Microsoft," Ben Greenbaum, senior research manager, Symantec Security Response, said in a statement. "But because Adobe is addressing a number of security holes, at least one of them critical, and Oracle is also fixing 24 vulnerabilities, a lot of IT managers are still going to have their hands full."
Symantec is the parent company of SecurityFocus.
Oracle's update patches flaws in its Database 11g, 10g, and 9i products as well as its Applications Server, E-Business Suite and WebLogic server.
Microsoft originally reorganized its patch procedure in October 2003, assigning a single day -- the second Tuesday of every month -- as Patch Tuesday. Adobe announced last May that the company would also begin releasing updates every quarter, also on Patch Tuesday. Oracle also releases on a quarterly schedule.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos