SCUP and Flash Part 2

System Center Updates Publisher (SCUP) is a Microsoft product that allows an administrator to check third-party updates into their internal WSUS server and then deploy those updates with Microsoft patches through System Center Configuration Manager (SCCM/ConfigMgr).    Third party products can provide configuration (CAB) files to make this process easier.   Otherwise the admin can do the integration …

Continue reading ‘SCUP and Flash Part 2’ »

Adobe Reader and Acrobat Security Updates

As previously announced by Adobe, today they released critical security updates for Adobe Reader and Acrobat. The Adobe Reader 9.4 update is a full install.   That is both a blessing and a curse.   Its good because I wont have one patch to upgrade people from the previous version, yet still have to build a full …

Continue reading ‘Adobe Reader and Acrobat Security Updates’ »

Patching week in review

This week saw a large number of Microsoft patches Additionally Adobe released updates for Flash and Adobe Air. Acrobat and Reader updates expected for this week will occur next week. Apple patched the iPhone and released an update for QuickTime.  iTunes users were not given the QuickTime update as of this post. To stay up …

Continue reading ‘Patching week in review’ »

Patch Tuesday

Here’s a roundup of patch Tuesday. Microsoft Patches There are two patches this month from Microsoft. One in Outlook Express/Microsoft Mail. One in Microsoft Visual Basic for Applications Adobe released an update for ColdFusion. A security update for Shockwave. This one is listed as critical. Not a bang-your-head-on-the-desk as last month, but I could have …

Continue reading ‘Patch Tuesday’ »

PDF Launch Vulnerability

If you’ve been sleeping on the Adobe Acrobat and Reader /Launch vulnerability, its time to consider taking mitigating steps. The proof of concept presented by Didier Stevens uses the /launch functionality that is part of the specification for PDF in order to execute arbitrary code. Because this was a problem with the PDF specification, the …

Continue reading ‘PDF Launch Vulnerability’ »

Secunia PSI and Adobe Reader.

Since Adobe Reader 9.3.1 came out, Secunia Personal Software Inspector has been reporting that I’m running a vulnerable version of Adobe Reader whenever a full scan is performed. When I select rescan, the detection goes away. The detected file is C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe . But 9.3.1 didn’t update that file. Adobe unfortunately only updates a …

Continue reading ‘Secunia PSI and Adobe Reader.’ »

CVE-2010-0188 Adobe Exploit

The Microsoft Malware Protection Center reported earlier this week a sighting of a malicious PDF file exploiting CVE-2010-0188. Adobe released 9.2.1 and 8.2.1 in February. Users can pull down the ‘help’ menu and click on ‘check for updates’ to ensure that they’re running the latest version. One lesson learned here is don’t skip deploying a …

Continue reading ‘CVE-2010-0188 Adobe Exploit’ »