Serious Flaws Patched for Adobe Reader and Windows 2000

Today's post-holiday Patch Tuesday included just one bulletin, which is rated critical only for Windows 2000, but Adobe also released a must-have Reader update.

Microsoft's MS10-001 security bulletin addresses a flaw with Embedded OpenType fonts that can be attacked through any program that can render the fonts, including Internet Explorer, PowerPoint or Word. A successful attack could hand over complete control of a vulnerable system, according to the bulletin, but only Windows 2000 is vulnerable.

Other versions of Windows "contain the vulnerable code but do not use this code in a way that may expose the vulnerability," according to the bulletin. If you have a Windows 2000 system you'll get this fix via Windows Update.

On the other hand, all Windows, Macintosh and Unix systems with Adobe Reader 9.2 or Acrobat 9.2 will need a program update to version 9.3 to close an under-attack security flaw that has been targeted with poisoned .pdf files. Acrobat versions 8.1.7 and earlier will likewise require an upgrade to version 8.2. Heading to Help | Check for Updates will get you the update, or download the full 9.3 version. For more details see Adobe's bulletin.

Shop ▾
arrow up Amazon Shop buttons are programmatically attached to all reviews, regardless of products' final review scores. Our parent company, IDG, receives advertisement revenue for shopping activity generated by the links. Because the buttons are attached programmatically, they should not be interpreted as editorial endorsements.

Subscribe to the Security Watch Newsletter

Comments