After a quiet January Patch Tuesday that saw only one security update, Microsoft is back with a vengeance this month.

Microsoft has shot down reports that its Internet Information Services (IIS) suffers from a vulnerability, saying that customers only need to worry if they are running a nondefault configuration of the web server.

Microsoft delivered its monthly security update on Tuesday to rectify 12 vulnerabilities, five of which are present in Internet Explorer (IE) and comprise the most pressing patch to deploy.

A new threat dubbed "Nine-Ball" has compromised up to 40,000 legitimate websites, which are, in turn, infecting users with an information-stealing Trojan, according to security vendor Websense.

Attackers are actively exploiting a gaping zero-day hole in versions 9 and earlier of Adobe Acrobat and Reader, the company has warned.

Microsoft plans to release eight patches on Tuesday - six for "critical" vulnerabilities - as part of its monthly security update.

Only two per cent of computer users are fully patched and the other 98 per cent are running at least one insecure, unpatched program, security firm Secunia said this week.

The "W32.Downadup" worm, exploiting the patched Microsoft's Windows Server Service (MWSS) vulnerability, is the key component in a developing botnet, researchers at Trend Micro said this week.

RealNetworks has issued fixes for four critical vulnerabilities in its RealPlayer program.

Oracle on Tuesday released 45 fixes for vulnerabilities across its products, including the widely deployed Oracle Database.