The problems revolve around the MS06-042 security patch for Internet Explorer that Microsoft originally released on 8 August.
Oracle, which acquired Java when it bought Sun Microsystems in 2010, has not yet issued a security patch for this particular vulnerability.
FORBES: US Department of Homeland Security Calls On Computer Users To Disable Java
If you put 200 to 300 Intel boxes together, you better manage them closely. If you have a security patch, you have to patch security across all 300.
FORBES: IBM's New Power Systems Challenge HP, Oracle and Dell For SMB Apps
Rob Gardos, chief executive of GridApp Systems, a company that helps automate the deployment, configuration and management of databases, says that one large data center he encountered took 18 months to fully install an Oracle quarterly security patch across the enterprise.
For added security, the patch also disables versions of Adobe Flash Player that do not include the latest security updates, and encourages users to get the latest version directly from Adobe's website.
When IBM filtered those unpatched security flaws by severity, however, Google came out as the least likely to patch critical security bugs in its software that would allow a hacker to completely hijack a target system, leaving 33% of those high severity flaws unpatched over the first half of the year.
Oracle just scored points with the security community for rushing out an early patch for a critical security flaw in Java that was already being widely exploited by the cybercriminal underground.
FORBES: Oracle Quietly Releases Fix For Serious Java Security Bug--Months After It Was Reported
He points to data gathered by software security firm Secunia, which showed that Apple had to patch nearly five times as many security flaws in its software over the past year as Microsoft had to patch in Windows.
When he released JailbreakMe 3 in July, the company rushed to patch the security opening in just nine days.
When Oracle released a patch, Security Explorations quickly found another flaw in the fix that would allow the new security measures to be bypassed.
FORBES: Forget Oracle's Latest Java Patch. Just Kill The Program In Your Browser For Good
The new patch fixes both the original security hole named after researcher Juan Carlos Garcia Cuartango and a recently discovered variant of the problem.
However, Microsoft said it could not endorse the patch from Zert or any other security firm.
The software giant took the unusual step of issuing the patch well before the usual date for security updates.
In 2008, security researcher Dan Kaminsky discovered and helped develop a patch for one of the most fundamental flaws ever found in the infrastructure of the Internet.
FORBES: Security Guru Launches iPhone App To Hack Colorblindness
He points out that in general, security vulnerabilities are much easier to find than they are to patch.
Microsoft first patched this security hole on Aug. 10, and issued a security bulletin on Oct. 17 pointing customers to the same software patch.
Before its Thursday patch, an exploit that took advantage of the Java security flaws had been included in the widely used Blackhole cybercriminal software kit as well as the Metasploit penetration testing toolset.
FORBES: Oracle's Java Security Woes Mount As Researchers Spot A Bug In Its Critical Bug Fix
One of the problems identified in the August update was deemed so serious that the US Department of Homeland Security (DHS) issued a warning urging users to download the patch and apply it as soon as possible.
The expulsion comes a week after Secretary of State John Kerry traveled to Moscow to meet with President Vladimir Putin in the latest effort to patch up a relationship jarred by disputes over issues from European security and Mideast uprisings to human rights.
Whilst Apple have added another sumptuous design to their immaculate portfolio, the iPhone has been the subject of personal security fears as researchers at Independent Security Evaluators (ISE), based in Baltimore, successfully hacked an iPhone remotely, although a straightforward software patch looks likely to solve this problem.
American researchers who expose security bugs have faced a similar backlash, especially when those flaws are made public before companies have a chance to patch them.
FORBES: Indian Researcher Who Showed E-Voting Security Flaws Jailed, Denied Bail, Charged With Theft