Posts Tagged: Adobe Reader Update


8
Mar 16

Adobe, Microsoft Push Critical Updates

Microsoft today pushed out 13 security updates to fix at least 39 separate vulnerabilities in its various Windows operating systems and software. Five of the updates fix flaws that allow hackers or malware to break into vulnerable systems without any help from the user, save for perhaps visiting a hacked Web site.

brokenwindowsThe bulk of the security holes plugged in this month’s Patch Tuesday reside in either Internet Explorer or in Microsoft’s flagship browser — Edge. As security firm Shavlik notes, Microsoft’s claim that Edge is more secure than IE seems to be holding out, albeit not by much. So far this year, Shavlik found, Edge has required 19 fixes versus IE’s 27.

Windows users who get online with a non-Microsoft browser still need to get their patches on: Ten of the updates affect Windows — including three other critical updates from Microsoft. As always, Qualys has a readable post about the rest of the Microsoft patches. If you experience any issues with the Windows patches, please share your experience in the comments below.

As it is known to do on patch Tuesday, Adobe issued security updates for its Reader and Acrobat software. Alas, there appears to be no update for Adobe’s Flash Player plugin as per usual on Patch Tuesday. However, an Adobe spokesperson told KrebsOnSecurity that the company will be issuing a Flash Player update on Thursday morning.


12
Aug 14

Adobe, Microsoft Push Critical Security Fixes

Adobe and Microsoft today each independently released security updates to fix critical problems with their products. Adobe issued patches for Adobe Reader/Acrobat, Flash Player and AIR, while Microsoft pushed nine security updates to address at least 37 security holes in Windows and related software.

Microsoft's recommended patch deployment priority for enterprises, Aug. 2014.

Microsoft’s recommended patch deployment priority for enterprises, Aug. 2014.

Two of the nine update bundles Microsoft released today earned the company’s most-dire “critical” label, meaning the vulnerabilities fixed in the updates can be exploited by bad guys or malware without any help from users. A critical update for Internet Explorer accounts for the bulk of flaws addressed this month, including one that was actively being exploited by attackers prior to today, and another that was already publicly disclosed, according to Microsoft.

Other Microsoft products fixed in today’s release include Windows Media Center, One Note, SQL Server and SharePoint. Check out the Technet roundup here and the Microsoft Bulletin Summary Web page at this link.

There are a couple other important changes from Microsoft this month: The company announced that it will soon begin blocking out-of-date ActiveX controls for Internet Explorer users, and that it will support only the most recent versions of the .NET Framework and IE for each supported operating system (.NET is a programming platform required by a great many third-party Windows applications and is therefore broadly installed).

These changes are both worth mentioning because this month’s patch batch also includes Flash fixes (an ActiveX plugin on IE) and another .NET update. I’ve had difficulties installing large Patch Tuesday packages along with .NET updates, so I try to update them separately. To avoid any complications, I would recommend that Windows users install all other available recommended patches except for the .NET bundle; after installing those updates, restart Windows and then install any pending .NET fixes).

Finally, I should note that Microsoft released a major new version (version 5) of its Enhanced Mitigation Experience Toolkit (EMET), a set of tools designed to protect Windows systems even before new and undiscovered threats against the operating system and third-party software are formally addressed by security updates and antimalware software. I’ll have more on EMET 5.0 in an upcoming blog post (my review of EMET 4 is here) but this is a great tool that can definitely help harden Windows systems from attacks. If you already have EMET installed, you’ll want to remove the previous version and reboot before upgrading to 5.0. Continue reading →


13
May 14

Adobe, Microsoft Issue Critical Security Fixes

Adobe and Microsoft today each released software updates to plug dangerous security holes in their products. Adobe pushed patches to fix holes in Adobe Acrobat/Reader as well as Flash Player. Microsoft issued eight update bundles to nix at least 13 security vulnerabilities in Windows and software that runs on top of the operating system.

A majority of the patches released by Microsoft are fixes for products that run in enterprise environments. Chief among the consumer-facing Microsoft updates is cumulative patch for Internet Explorer that fixes a pair of flaws in all supported versions of IE. This patch also includes the emergency update that Microsoft released earlier this month to address a zero-day vulnerability in IE. Microsoft also issued fixes for several Office vulnerabilities. This month’s batch also includes a .NET fix, which in my experience is best installed separately.

Adobe released a fix for its Flash Player software that corrects at least six security flaws. The Flash update brings the media player to v. 13.0.0.214 on Windows and Mac systems, and v. 11.2.202.359 for Linux users. To see which version of Flash you have installed, check this linkContinue reading →