Microsoft fixed 25 holes on Tuesday, including critical ones for Windows that could be triggered by browsing to a malicious Web page, while Adobe plugged 15 holes in Reader and Acrobat and launched its new updater service.
Oracle also released its own critical patch update, covering nearly 50 new vulnerability fixes across hundreds of its products, on what was turning out to be an uber Patch Tuesday.
Microsoft said customers should deploy all 11 of its security updates, which include five that are critical, as soon as possible. However, three were listed as top priorities:
MS10-019, which affects all versions of Windows and would allow an attacker to alter signed executable content without invalidating the signature
MS10-026, which is critical on Windows 2000, XP, Server 2003 and Server 2008, and could allow an attacker to take complete control if a victim were to open a malicious AVI (Audio Video Interleave) file or had it stream from a Web site