Microsoft on Tuesday released software updates to fix at least 15 security flaws in Windows, Windows Server and Microsoft Office. One of the patches addresses a flaw so serious that users could find their Windows PCs compromised just by visiting booby-trapped Web sites. Richie Lai, director of vulnerability research for patch management firm Qualys, said the most dangerous vulnerability addressed in this month’s updates is a flaw in the way Windows handles so-called “embedded font” files

A security researcher has vowed to reveal technical details of a series cross-site scripting vulnerabilities involving Facebook applications during September. theharmonyguy plans to give developers 24 hours advance notice about flaws involving their web applications before exposing them publicly. The project takes its cue from July’s Month of Twitter Bug project, during which security researcher Aviv Raff applied a similar idea to the disclosure of security flaws involving Twitter and associated services