Serious Flaws Patched for Adobe Reader and Windows 2000
Today's post-holiday Patch Tuesday included just one bulletin, which is rated critical only for Windows 2000, but Adobe also released a must-have Reader update.
Microsoft's MS10-001 security bulletin addresses a flaw with Embedded OpenType fonts that can be attacked through any program that can render the fonts, including Internet Explorer, PowerPoint or Word. A successful attack could hand over complete control of a vulnerable system, according to the bulletin, but only Windows 2000 is vulnerable.
Other versions of Windows "contain the vulnerable code but do not use this code in a way that may expose the vulnerability," according to the bulletin. If you have a Windows 2000 system you'll get this fix via Windows Update.
On the other hand, all Windows, Macintosh and Unix systems with Adobe Reader 9.2 or Acrobat 9.2 will need a program update to version 9.3 to close an under-attack security flaw that has been targeted with poisoned .pdf files. Acrobat versions 8.1.7 and earlier will likewise require an upgrade to version 8.2. Heading to Help | Check for Updates will get you the update, or download the full 9.3 version. For more details see Adobe's bulletin.