Adobe Security Updates, April 2012

Adobe has released its quarterly security updates, and issued a new Security Bulletin [APSB12-08] for its Reader software for Windows, Mac OS X, and Unix/Linux, and for its Acrobat software for Windows and Mac OS X.   The new versions of the software address four security vulnerabilities, identified in the Security Bulletin; Adobe characterizes these as Critical updates.   (More detailed information is in the Security Bulletin.)  The affected versions of the software are:

• Adobe Reader X (10.1.2) and earlier 10.x versions for Windows and Macintosh
• Adobe Reader 9.5 and earlier 9.x versions for Windows and Macintosh
• Adobe Reader 9.4.6 and earlier 9.x versions for Linux
• Adobe Acrobat X (10.1.2) and earlier 10.x versions for Windows and Macintosh
• Adobe Acrobat 9.5 and earlier 9.x versions for Windows and Macintosh

For Reader X or Acrobat X, the new version is 10.1.3.  For users of 9.x versions of Reader, the new version is 9.5.1.

Users of Reader or Acrobat on Windows or Mac OS X can get the new version using the product’s built-in update mechanism (Help / Check for Updates).  Alternatively, you can download the new version of Reader for Windows or Mac OS X.  Download instructions for Acrobat are in the Security Bulletin [APSB12-08]

Linux users can download (via FTP)  the new version of Reader here; there are .deb and .rpm packages available, as well as a tarball.

Because Reader is so widely installed, across all platforms, it is (like Java) an attractive target for attackers.  I recommend updating your systems as soon as you conveniently can.

Microsoft Patch Tuesday, April 2012

Today is the second Tuesday of April, so, in keeping with its usual schedule, Microsoft has released this month’s batch of security bulletins and patches for Windows and related software.  This month, there are six patches, for nine identified vulnerabilities.  Three of the patches are for Windows itself, and its .NET components;  all supported versions of Windows are affected, and have at least two Critical bulletins.    For a breakdown of patches by version and severity, check this month’s preview post.

There is also a bulletin for Microsoft Office, rated Important; one for Microsoft Forefront Unified Access Gateway, also rated Important; and one rated Critical, that affects Office, SQL Server, and other server software and development tools (see the Security Bulletin Summary for details).

Further details, and download links, are in the Security Bulletin Summary for April 2012.  Microsoft says that two of the patch installations will definitely require a system restart, and the others may require one, depending on the configuration of your system.

The folks at the SANS Internet Storm Center have posted their usual analysis of this month’s patches, along with their severity ratings for client and server systems.

As always, I recommend that you update your systems as soon as you conveniently can.