Patch Tuesday Includes Adobe Reader and Microsoft Updates

When will the patching ever end? We patch and patch and patch again: Adobe, Java and Windows software, every month. Sometimes the updates create their own havoc, through installations that go awry or by introducing another incompatibility.

Tuesday the 13th of October will be a patching day for many people. In addition to the Adobe patch being released, Microsoft is releasing patches covering 13 bulletins and 34 vulnerabilities. Microsoft is listing most of the 13 patches as critical, its highest rating. The Adobe Reader vulnerability is reported to be in the wild, with attacks arriving via emailed PDF documents. Adobe has also given this flaw the critical vulnerability rating.

Installing updates is never a task that is anticipated with any eagerness by system administrators and even less by the majority of regular users. If it weren't for auto-updating or reminder services running on most computers, many computers would not be patched.

Applying the updates in Windows isn't too big a deal for regular users. For system administrators, the thought of patching usually means rebooting servers, a task usually done when it impacts the fewest users, most often late at night. They also have the nagging feeling that something could always go wrong. Murphy's Law is not unknown to system administrators.

Patching Adobe Reader has always meant installation of the entire program. While it is true that Adobe makes this easy for the regular users, they certainly do not go out of their way for a system administrator who has to update multiple machines. The exploit after all is specifically targeting corporate users. So it makes sense for Adobe to be more accommodating to the system admins. Adobe does have a method for sys admins but it requires you to apply and wait for approval before being able to download packages suitable for wide deployment.

Adobe keeps a three-month cycle on security updates. I think that timeframe is fair enough but they need to relax the requirements to obtain the mass-deployment packages. They want the corporate users to use their products and Adobe Reader is firmly entrenched in the marketplace. So why not make it easier on the system administrators around the globe who are deploying their product?

On Tuesday, if you use Adobe Reader and share PDF files via email, then you should update to this newer patch. As far as the Microsoft updates are concerned, most will be taken care of via Automatic Update features in Windows. If you do not have this feature turned on then you should consider reading about which updates apply to you.

If we truly want to defeat the criminal presence on the Internet, then security becomes everyone's responsibility. If you use a computer, take the time to keep it patched and updated because no matter what software you use, there will always be a flaw hidden somewhere.

About jraz

  • Brian aka Guppusmaximus

    Nice Article…

    “Exploit targets Windows, Macintosh and Unix using Adobe Reader v9.1.3.”

    Did you mean Windows, Unix and Linux?

    Anyways, I agree that patches can, a lot of the time, cause more headaches than the actual security flaw. BUT, I think if the majority of the users would stop utilizing old protocols to do tasks then we wouldn’t have a lot of these issues.

    For example, how many people still use Outlook as their email client? If these people would switch to a web-based mail server (like Gmail) and start using Google Docs then that PDF would no longer be physically present on your PC for that security flaw to be exploited.

    Actually, they could upload those .pdf files directly to Google Docs and just view & share them with co-workers, friends & family from there. So, imho, you really don’t need Adobe Reader. HA! Look at that, one less physically installed product on your PC that can cause issues. One less physical installation for the System Admin.

  • Yes I have to agree with you. Anytime we can have one less application to maintain it is usually worthwhile. But I don’t see corporate America going away from Outlook anytime soon even though there are alternatives as you point out. About the line quoted, “Exploit targets Windows, Macintosh and Unix using Adobe Reader v9.1.3.”: this was straight out of Adobe’s press release on the exploit. I never saw a mention of Linux. I’m not sure if they port Reader to Linux or not. Thanks for the comments.

  • Brian aka Guppusmaximus

    “About the line quoted “Exploit targets Windows, Macintosh and Unix using Adobe Reader v9.1.3.” this was straight out of Adobe’s press release on the exploit.”

    That makes me even more likely to switch to a free alternative. I know, I’m arguing semantics as Unix is a “nix” (BSD, Linux, etc.) but Macintosh is Unix and they are the only company currently offering a commercially supported distribution, so, who could Adobe be talking about? My guess would be Linux because they do offer a port for that flavor of OS.

    As for the Corporate mentality, I agree but you would think that the people with the most to lose would research other options especially when it comes to free software with such a security flaw. I say, ditch the patch and actually strengthen your investment, er, I mean educate your employees about new technologies that can make the work place more efficient and secure.

    Hell, but what does a working class schmuck know? Enough to keep his information secure…HA!! F*ck them corporate dumba$$es!

    Sorry about my rant:)

  • I wasn’t aware of the Linux version. Maybe it doesn’t suffer from the flaw. I saw the version was 9.1.2 not .3 like the others. I personally run Linux almost full-time since it is more secure. I still have to run Windows on my full-time job. I have tried to sway the management to Linux but it is not happening. I did read today that Ubuntu 9.10 is going to try and penetrate the corporate world. I think businesses would do well to look to more Open Source products such as Foxit for a reader or Evince in Linux. Also no apologies needed for rants, this is after all a public forum and all views are welcome. IMHO Jraz

  • Brian aka Guppusmaximus

    I think that there are still a few too many issues with Linux to have it in a corporate environment unless you have a Linux certified IT department. The support is definitely there but you need a DIY attitude to find it. Plus, depending on your PC’s hardware, device drivers are sometimes non-existent. There can even be some funky networking issues between similar machines.

    BUT, that doesn’t mean I don’t agree with you. Linux is definitely more secure (until its market share soars) and versions like Ubuntu run pretty damn good once it is installed (I use it on VMware Workstation). Plus, it comes with some pretty handy software already “pre-installed” like Open Office, Firefox, etc.

    IMHO, it is a choice time to offer an alternative to Windows considering Microsoft made way too many mistakes with Vista and Windows 7 is just Vista on Jenny Craig at which they are still going to charge $300+ for the version worth using. I was hoping that Google would make a move with their Linux based, Chrome style OS.

  • Questioner

    How on earth could a PDF reader such as Acrobat have a legitimate reason to incorporate virus-enabling code? There is none. Therefore, the authors of Acrobat deliberately incorporated code to breach your security.

    It’s time for users to rebel against their Adobe and Microsoft masters, who clearly consider it their right to tap our computers.

    Start by only running IETF compliant internet components.

    Clearly, the big software conglomerates are attempting to circumvent the good design principles of the internet by turning the internet into their comm highway for delivering buggy virus-laden advertisements to a captive audience that knows no better.

    “Flash”, for example, is a piece of pretty poison designed to reveal all your computer secrets to the authors; too bad that all the internet crooks can tap into the spying, too. You think that all you’re getting is a movie viewer, but alas, you are also getting a spy.

  • Questioner raises a very good point about Flash. Until recently I had never heard of Flash cookies. But they exist and to manage them you go through Adobe. Google it for instructions.

  • Questioner

    Nobody NEEDS Flash. Everything that Flash does on behalf of the user can be done by ordinary internet functionality.

    What Flash does is that it INSTALLS code on YOUR computer that opens your computer to spelunking by Adobe personnel. Of course, crooks can use the same extraordinary privileges to steal your information and raid your accounts.

    I have NO Flash installed on any of my computers. What do I miss? The occasional FLV movie of someone’s cat turning a somersault?

    Are you kidding? Is that worth endangering your personal data? Don’t make me laugh!

  • I believe the Better Privacy add-on for Firefox was designed specifically to remove those Flash cookies. I have it set to do it automatically for me.