Just in time for the holidays, Microsoft has released seven (and hopefully last) security bulletins for this year.

Critical Bulletins:

MS07-064
Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)

MS07-068
Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275)

MS07-069
Cumulative Security Update for Internet Explorer (942615)

Important Bulletins:

MS07-063
Vulnerability in SMBv2 Could Allow Remote Code Execution (942624)

MS07-065
Vulnerability in Message Queuing Could Allow Remote Code Execution (937894)

MS07-066
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078)

MS07-067
Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653)

These bulletins address 11 vulnerabilities (nine of which affect Windows Vista). Windows users are advised to download the patches… One less thing to worry about this season, right?

Click here for Windows Update.

Michael Jackson even had a song about it: Human Nature. There’s your weakest link—and one that hackers repeatedly take advantage of and manipulate.

Reports confirm that hackers have successfully broken the Oak Ridge National Laboratory (ORNL) in Tennessee, an institution in the United States that conducts highly sensitive research. While little is known of it, it also appears that the sister-institution of ORNL, the Los Alamos National Laboratory in New Mexico, was also hacked. These are two of the United States’ more important research labs, where homeland security and military researches are conducted.

Investigations reveal that seven (only seven) phishing emails were directly involved in the breach. The said email messages were sent to lab employees. It was still unclear what these messages did specifically, but experts say they probably had malicious attachments in them.

Waves of phishing emails reportedly began in October, with employees as specific targets. The attackers managed to access a non-classified computer of ORNL that contained the personal information of people who visited the research laboratory since 1990.

The targeted attacks on these two institutions and the success of the hackers had analysts calling them “a sophisticated cyber attack that now appears to be part of a coordinated attempt to gain access to computer networks at numerous laboratories and other institutions across the country.”

Analysts, though, are careful in naming explicit architects of the attack. The angles range from a government-sponsored espionage to the work of a small crime organization.

What is interesting is that this would not be the first attack of this kind on institutions like the abovementioned laboratories. Los Alamos, in fact, has been the subject of not just one, but several breaches in recent years.

At the center of all these security breaches and hacking attacks is the individual—one with a trusting, or non-questioning, nature. The lesson learned here is that a huge and imposing organization is still made of people, and when these people are not well informed on how to stave off potential security attacks, the whole organization suffers.