Serious Flaws Patched for Adobe Reader and Windows 2000

Today's post-holiday Patch Tuesday included just one bulletin, which is rated critical only for Windows 2000, but Adobe also released a must-have Reader update.

Microsoft's MS10-001 security bulletin addresses a flaw with Embedded OpenType fonts that can be attacked through any program that can render the fonts, including Internet Explorer, PowerPoint or Word. A successful attack could hand over complete control of a vulnerable system, according to the bulletin, but only Windows 2000 is vulnerable.

Other versions of Windows "contain the vulnerable code but do not use this code in a way that may expose the vulnerability," according to the bulletin. If you have a Windows 2000 system you'll get this fix via Windows Update.

On the other hand, all Windows, Macintosh and Unix systems with Adobe Reader 9.2 or Acrobat 9.2 will need a program update to version 9.3 to close an under-attack security flaw that has been targeted with poisoned .pdf files. Acrobat versions 8.1.7 and earlier will likewise require an upgrade to version 8.2. Heading to Help | Check for Updates will get you the update, or download the full 9.3 version. For more details see Adobe's bulletin.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.