Adobe has released the security updates previously announced for Adobe Reader and Adobe Acrobat. The bulletin reports that CVE-2010-4091, which can lead to code execution, remains vulnerable. Adobe plans to patch that in the next Reader 8.x update in February. Not very friendly to those still running Reader 8.
System Center Updates Publisher (SCUP) is a Microsoft product that allows an administrator to check third-party updates into their internal WSUS server and then deploy those updates with Microsoft patches through System Center Configuration Manager (SCCM/ConfigMgr). Third party products can provide configuration (CAB) files to make this process easier. Otherwise the admin can do the integration …
As previously announced by Adobe, today they released critical security updates for Adobe Reader and Acrobat. The Adobe Reader 9.4 update is a full install. That is both a blessing and a curse. Its good because I wont have one patch to upgrade people from the previous version, yet still have to build a full …
Continue reading ‘Adobe Reader and Acrobat Security Updates’ »
Adobe has released a security bulletin for Shockwave. Version 11.5.8.612 fixes multiple vulnerabilities that could be used for code execution.
This week saw a large number of Microsoft patches Additionally Adobe released updates for Flash and Adobe Air. Acrobat and Reader updates expected for this week will occur next week. Apple patched the iPhone and released an update for QuickTime. iTunes users were not given the QuickTime update as of this post. To stay up …
We’re seeing emails with the subject “phone calls” and “setting for your mailbox are changed” getting detected as bloodhound.exploit.290. That’s a generic detection for a Adobe Reader PDF exploit.
Here’s a roundup of patch Tuesday. Microsoft Patches There are two patches this month from Microsoft. One in Outlook Express/Microsoft Mail. One in Microsoft Visual Basic for Applications Adobe released an update for ColdFusion. A security update for Shockwave. This one is listed as critical. Not a bang-your-head-on-the-desk as last month, but I could have …
If you’ve been sleeping on the Adobe Acrobat and Reader /Launch vulnerability, its time to consider taking mitigating steps. The proof of concept presented by Didier Stevens uses the /launch functionality that is part of the specification for PDF in order to execute arbitrary code. Because this was a problem with the PDF specification, the …
Since Adobe Reader 9.3.1 came out, Secunia Personal Software Inspector has been reporting that I’m running a vulnerable version of Adobe Reader whenever a full scan is performed. When I select rescan, the detection goes away. The detected file is C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe . But 9.3.1 didn’t update that file. Adobe unfortunately only updates a …
The Microsoft Malware Protection Center reported earlier this week a sighting of a malicious PDF file exploiting CVE-2010-0188. Adobe released 9.2.1 and 8.2.1 in February. Users can pull down the ‘help’ menu and click on ‘check for updates’ to ensure that they’re running the latest version. One lesson learned here is don’t skip deploying a …