Problems with ActiveX controls prompt an out-of-cycle patch. Plus: Zero-day attacks on several Adobe apps, and an update to Firefox.

Microsoft might have been feeling like the little Dutch boy over the last month, plugging holes with regular patches and with rare out-of-cycle fixes in an attempt to prevent attackers from pouring through.

The out-of-cycle patch, critical for all versions of Internet Explorer on 2000, XP, and Vista, addresses IE's handling of flawed ActiveX controls created with the Microsoft Active Template Library (ATL), a developers tool included with Visual Studio. At-risk PCs could be hit by a drive-by-download attack. This serious vulnerability affects many ActiveX controls. For example, Adobe confirmed on its security site that its Shockwave and Flash Player ActiveX controls "leverage vulnerable versions of ATL," and that it is working on a fix. The issue also affects IE on Windows Server 2003 and 2008, but is rated moderately severe on those OSs.

More: http://pcworld.com/article/170542/