:: Deepquest ::

Patches – and plenty of them – took center stage this week as two big software companies shipped substantial updates. Some alarming news also broke regarding the growing number of botnets operating out of the U.S.  Read on for the full week in review.

Microsoft’s band of patches, pushed Tuesday, sent out 16 updates, fixing 49 vulnerabilities. Among those addressed: Flaws in Internet Explorer on XP through Windows 7 alongside tweaks for SharePoint and Microsoft’s.NET Framework. Additionally, MS010-073, a hole in win32k.sy that was previously exploited by the relentless Stuxnet was patched.

In addition to patches, Microsoft released a new tool this week – the SDL Regex Fuzzer – in hopes of identifying bad code that could expose programs to harm. Limiting attacks that guzzle up memory and more importantly, money, are the focus of this new fuzzer, now available in the company’s Download Center.

And, if your IT staff didn’t have its hands full with Microsoft’s patch storm, software giant Oracle decided to pile on top: issuing updates for its Java software on Tuesday, including fixes for 29 bugs, some which allowed attackers to remotely control infected machines, were fixed in Java SE and Java for Business.

On the subject of threats and attacks, we had some sobering stats were released about botnets on Wednesday. According to a report put out by Microsoft, the U.S. is now the home of more bot-infected computers than any other country, nearly four times as many as Brazil. This, despite the publicized takedown of two prominent botnets in recent months:  Pushdo and Waledac.  There was a 100% increase from 2009 between January and June, when Microsoft cleaned 6.5 million computers. While some of these massive botnets may be waning, the number of infected computers continues to rise.

With mobile phone security becoming a new battlefield for malware, some companies are stepping up their game. Early HTC G2 adopters can attest after discovering last week their rooted phones had reverted to their original settings following a restart. It remains to be seen if HTC’s actions will become a new trend but Dennis took the point on Thursday, detailing the wants vs. needs of each side.

Of course, it wouldn’t be a week in security these days if there wasn’t news on Stuxnet. Earlier this week, the European Network and Information Security Agency warned the European Union about the complications of the virus. Citing its sophistication, ENISA called the buzzed worm a “paradigm shift,” alerting it could be a sign of malware to come.

What’d you find interesting this week? Do you agree with ENISA, will Stuxnet change the tides of security? What about smart phone technology? Will more cell phone manufacturers modify their phones to prevent attacks?