Microsoft fixes IE, Office in big month of security updates
Microsoft released patches to fix 19 critical vulnerabilities in its software Tuesday, including five flaws in its Internet Explorer browser that security experts advise IT administrators to patch immediately. The total of 11 security updates released for August is the largest round of Patch Tuesday updates Microsoft has released since last February and should give IT administrators plenty to do to secure their companies' systems.
Microsoft advisory roundup

Microsoft re-issues July WSUS patch
Microsoft Corp. yesterday re-issued a July fix for a bug that had prevented some network administrators from using the company's primary business patch management tool to deploy security updates. The patch was included in the monthly Patch Tuesday release.
Microsoft advisory

**********

Researcher reveals critical Java bugs in Nokia phones
Two critical flaws in Sun Microsystems' Java technology for mobile devices could be used by hackers to secretly make calls, record conversations and access information on Nokia Series 40 cell phones, a Polish researcher said today. Computerworld, 08/11/2008.
F-Secure: About the Java vulnerability on S40 phones
**********

VMware bug bombs virtual servers
Many VMware customers Tuesday were prevented from logging onto their virtual servers as a bug distributed in a software update effectively stopped the boxes from powering up. According to VMware, the issue involves ESX 3.5 Update 2 and ESXi 3.5 and customers powering on virtual machines (VM) that have been upgraded with those releases. In a statement, VMware said it is "working on an immediate patch for customers in production. VMware expects to fix the issue in code in the next 36 hours once QA testing has been completed." Network World, 08/12/2008.

VMWare patches User Account Disclosure flaw
In addition to the bug that bombed many VMWare systems this week, the company has released an update for its VirtualCenter product line that fixes an account disclosure vulnerability. Hackers could exploit the flaw to learn the user names on an affected system.

VMWare patches numerous ESX flaws
A new ESX update for VMWare ESX system fixes flaws in OpenSSL, net-snmp, and perl. Each of these could be exploited to potentially run malicious code on a system.
**********

Four new patches from rPath:
git (denial of service)
openldap (denial of service)
gvim (code execution)
python (multiple flaws)
**********

Two new updates from Debian:
PowerDNS (cache spoofing)
opensc (file overwrite)
**********

Two new fixes from Mandriva:
kernel (multiple flaws)
ClamAV (denial of service)
**********

Two new patches from Gentoo:
UUDeview (symlink attack)
Adobe Reader (input validation, code execution)
**********

Today's malware news:

Spamblogs Pushing Rogue Antivirus Programs
Nothing earth-shattering, but worth a mention anyway. I've noticed a couple of blogs pushing security blog feeds are also hawking pretend Youtube vids. The SpywareGuide Greynets Blog, 08/11/2008.

Hackers spoof MSNBC alerts in new twist on massive malware ruse
A group of hackers that last week was touting CNN to distribute malware this week changed its message to push stories said to be from rival network MSNBC. Computerworld, 08/13/2008.
F-Secure: MSNBC / CNN malware run

Jason Meserve is multimedia editor at Network World.