By Andrew Storms

Every month, like clockwork, Microsoft releases security bulletins and every month people ask me if it's small or a big release. While the exact details of the patches are generally treated as news, the expected workload each month really shouldn't be a guessing game because Microsoft's patch releases are predictably cyclical.

Apple has shipped a new version of its Safari browser to plug multiple serious security vulnerabilities.

The Safari 4.0.5 update, available for Mac OS X and Windows, fixes flaws that could lead to remote code execution if a user is tricked into surfing to a maliciously rigged Web site.

Using obvious clues from a McAfee blog post, an Israeli hacker was able to pinpoint the latest Internet Explorer zero-day vulnerability and create working exploit code.

The exploit code, which provides a clear roadmap to launch drive-by download attacks against IE 6 and IE 7 users, is being fitted into the Metasploit point-and-click tool.

After a busy February with 13 security bulletins, Microsoft is easing off the patching throttle a bit this month. 

Microsoft released two new security bulletins addressing 8 vulnerabilities, all not publically known at this time. 

A zero-day (unpatched) vulnerability in Microsoft’s Internet Explorer is being exploited in the wild, the company warned in an advisory issued today.

On the same day it issued software fixes as part of its Patch Tuesday schedule, Microsoft released a pre-patch advisory to warn of the risk of remote code execution attacks against users of IE 6 and IE 7.

Apache's HTTP web server has a flaw that enables remote server access and total control of a database, according to a security researcher. Read the full article. [ZDNet Australia]

A security vulnerability identified in Opera can be exploited to crash users' browsers, but probably can't lead to the remote execution of malware, a company spokesman said. Read the full article. [The Register]

Cisco has released a number of reports on vulnerabilities in its products. It is possible to disrupt the transfer of voice data in the Unified Communications Manager using crafted SIP, SCCP and CTI packets. Read the full article. [The H Security]

A now available second maintenance release for PHP 5.3 fixes more than 60 bugs and closes several security holes which were already corrected in version 5.2.13, from the 5.2 branch, last week. Read the full article. [The H Security]

The average Microsoft Windows user has software from 22 vendors on her PC, and needs to install a new security update roughly every five days in order to use these programs safely, according to an insightful new study released this week. Read the full article. [KrebsonSecurity]