In a sudden about-face, Sun has rushed out a Java update to fix a drive-by download vulnerability that exposed Windows users to in-the-wild malware attacks.

Virus hunters have spotted the attacks on a popular song lyrics Web site. Any visitor to that Web site with the Java Plugin for Browsers installed (Internet Explorer or Firefox) will get infected with malware.

The update is rated "critical" because of the risk of remote code execution attacks via rigged PDF files.

Two of the bulletins are rated "critical" for all versions of Microsoft's flagship operating system, including Windows 7 and Windows Server 2003 R2.

The attacks occurred mostly on WordPress blogs hosted by Network Solutions but it appears that there are multiple security weaknesses in play.

Researchers at the University of Illinois at Chicago have received a $1.15 million grant from the National Science Foundation to build a new, secure computer operating system.

The flaw occurs because the Java-Plugin Browser is running "javaws.exe" without validating command-line parameters.

The patches will be released alongside a new automatic updater software that the company hopes will speed up the downloading and deployment of its security fixes.

Five of the 11 bulletins will be rated "critical," Microsoft's highest severity rating. The flaws affect all versions of Windows, including the company's newest Windows 7 operating system.

A Bank of America (BofA) computer specialist will plead guilty to charges that he hacked the bank's automated tellers to dispense cash without recording the activity.