On April 10, 2012, Microsoft released 4 critical updates. The most critical update called MS12-027, is one that affects a diverse set of products including Office, SQL Server, Biztalk, Commerce Server, Visual FoxPro and Visual Basic. Experts say the patch should be installed immediately because malware exploiting the vulnerability has already been used in attacks.
Nearly as critical is MS12-023, an update that fixes security flaws in all versions of Internet Explorer. Microsoft has given the vulnerabilities an exploitability index of 1, which means malware attacking the flaws is likely within the next 30 days. Patching IE is one of the most important things a company can do to maintain a strong security posture.
The remaining two critical updates, MS12-024 and MS12-024, fix flaws that leave Windows systems vulnerable to remote code execution. the same danger is avoided in Office 2007 SP2 by deploying one of the important patches.
Adobe is encouraging you to update Adobe Reader and Adobe X 10.12 and earlier running on Windows, Mac and Linux
Adobe released a security bulletin describing four vulnerabilities in Adobe Reader and Acrobat X 10.1.2 and earlier, running on all supported platforms. Adobe doesn’t describe these flaws in much technically detail, but most of them involve integer overflow and memory corruption issues within Reader and Acrobat components. Despite their technical differences, all four vulnerabilities share a similar scope and impact. If an attacker can entice you into opening a specially crafted PDF file, he can exploit any of these issues to execute code on your computer, with your privileges. If you have root or system administrator privileges, the attacker gains complete control of your machine.
If you use Adobe Reader to open PDF documents, you should download and install this Reader update as soon as you can.
Summary:
- This vulnerability affects: Adobe Reader and Acrobat X 10.1.2 and earlier, running on Windows, Mac, and Linux
- How an attacker exploits it: By enticing your users into viewing maliciously crafted PDF documents
- Impact: An attacker can execute code on your computer, potentially gaining control of it
- What to do: Windows users should install Adobe’s Reader and Acrobat X 10.1.3 or 9.5.1 updates as soon as possible (or let Adobe’s Updater do it for you).
Solution Path
Adobe has released Reader and Acrobat X 10.1.3 (and 9.5.1 for legacy users) to fix these vulnerabilities. You should download and deploy the corresponding updates immediately, or let the Adobe Software Updater program do it for you.
- Adobe Reader X 10.1.3
- Adobe Acrobat X 10.1.3
No comments:
Post a Comment