The database giant repaired critical flaws in Oracle Database, BEA WebLogic and Oracle E-Business Suite.

Microsoft Windows Embedded OpenType Font Engine Heap Overflow Vulnerability

[USN-803-1] dhcp vulnerability

Microsoft Corp. today issued software updates to plug at least nine different security holes in its various Windows operating systems and other software. Today's patch batch includes fixes for two very serious flaws that are actively being exploited by attackers to break into vulnerable PCs. Redmond issued patches to fix the vulnerability in itsVideo ActiveX Control for Internet Explorer, as well as the DirectShow flaw in Windows. Criminals currently are using both security holes to plant rogue software on PCs when users visit certain hacked or malicious Web sites. Contrary to what Microsoft itself said, the company did not release an official patch to plug the other ActiveX flaw hackers are actively exploiting -- which I first wrote about yesterday. Instead, it has released an interim workaround to blunt the threat from that weakness. Unfortunately, someone at Redmond seems to be a little confused about this point. In its advisory,

ZDI-09-045: Microsoft DirectShow Quicktime Atom Parsing Memory Corruption Vulnerability