DP's Security Bits

Summary

Critical vulnerabilities have been identified in Adobe Reader 9.3.2 (and earlier versions) for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.2 (and earlier versions) for Windows and Macintosh, and Adobe Reader 8.2.2 (and earlier versions) and Adobe Acrobat 8.2.2 (and earlier versions) for Windows and Macintosh. These vulnerabilities, including CVE-2010-1297 referenced in Security Advisory APSA10-01, could cause the application to crash and could potentially allow an attacker to take control of the affected system.

Adobe recommends users of Adobe Reader 9.3.2 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3.3. (For Adobe Reader users on Windows and Macintosh, who cannot update to Adobe Reader 9.3.3, Adobe has provided the Adobe Reader 8.2.3 update.) Adobe recommends users of Adobe Acrobat 9.3.2 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.3.3. Adobe recommends users of Adobe Acrobat 8.2.2 and earlier versions for Windows and Macintosh update to Adobe Acrobat 8.2.3.

Affected software versions

Adobe Reader 9.3.2 and earlier versions for Windows, Macintosh, and UNIX
Adobe Acrobat 9.3.2 and earlier versions for Windows and Macintosh

Solution

Adobe Reader
Users can utilize the product's automatic update feature. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates

http://www.adobe.com/support/security/bulletins/apsb10-15.html

Register Online

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

»www.microsoft.com/technet/securi···jun.mspx

Critical (3)

Microsoft Security Bulletin MS10-033
Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)
»www.microsoft.com/technet/securi···033.mspx

Microsoft Security Bulletin MS10-034
Cumulative Security Update of ActiveX Kill Bits (980195)
»www.microsoft.com/technet/securi···034.mspx

Microsoft Security Bulletin MS10-035
Cumulative Security Update for Internet Explorer (982381)
»www.microsoft.com/technet/securi···035.mspx

Important (7)

Microsoft Security Bulletin MS10-032
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559)
»www.microsoft.com/technet/securi···032.mspx

Microsoft Security Bulletin MS10-036
Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235)
»www.microsoft.com/technet/securi···036.mspx

Microsoft Security Bulletin MS10-037
Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (980218)
»www.microsoft.com/technet/securi···037.mspx

Microsoft Security Bulletin MS10-038
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
»www.microsoft.com/technet/securi···038.mspx

Microsoft Security Bulletin MS10-039
Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)
»www.microsoft.com/technet/securi···039.mspx

Microsoft Security Bulletin MS10-040
Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666)
»www.microsoft.com/technet/securi···040.mspx

Microsoft Security Bulletin MS10-041
Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)
»www.microsoft.com/technet/securi···041.mspx

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA

.

Microsoft Security Bulletin Advance Notification issued: June 3, 2010
Microsoft Security Bulletins to be issued: June 8, 2010

This is an advance notification of security bulletins that Microsoft is intending to release on June 8, 2010.

3 Rated as Critical

7 Rated Important

http://www.microsoft.com/technet/security/bulletin/ms10-jun.mspx