InformationWeek: IT managers are hard at work today installing security updates for software from Microsoft, Adobe and Oracle. The lone Microsoft patch is considered "critical" for Windows 2000, but only receives a "low" rating for users of other versions of the operating systems.By contrast, the Adobe patch for its Reader software fixes a vulnerability that is currently being exploited by hackers. "Attack attempts seemed to peak near the end of December and then drop off, but we're continuing to see limited attempts at exploitation, and more reliable exploits could still be developed," said Ben Greenbaum, senior research manager with Symantec Security Response.
The Oracle patch is also critical, addressing 24 vulnerabilities in seven different enterprise products. "The majority of the vulnerabilities are remotely exploitable without authentication and IT admins should be taking a close look at the exposure these products have in their networks," said Qualys CTO Wolfgang Kandek. "In general database engines should have no necessity to be connected to open networks, but the application servers are very likely exposed."