Holes in Adobe PDF apps are under near-constant assault these days, leading one antivirus researcher, Mikko Hypponen of F-Secure, to call them “the new Internet Explorer”, a reference to a days when IE 6 was target of choice. Hypponen even suggests ditching Reader for a free alternative (see pdfreaders.org).
If you continue to use Adobe Reader or Acrobat, turn off JavaScript (as Adobe recommends) to help guard against an as-yet unpatched security vulnerability affecting all supported versions of the programs: Click on Edit–>Preferences, select JavaScript on the left, and uncheck Enable Acrobat JavaScript. Adobe hasn’t yet announced when a fix might come out, but you can get details at Adobe.
Microsoft Closes Holes
Microsoft has released patches for holes in Excel an dWord exploited by zero-day attacks, but the bad guys are going after another zero-day flaw in PowerPoint.
Microsoft lists the Excel fix as critical for Office 2000; it’s important for 2002, 2003, and 2007, as well as for Office 2004 and 2008 for Mac and the Office Excel Viewer. Be sure to pick up the patch via Automatic Updates. For full details, see at Mircosoft .
The Word patch is likewise critical for Office 2000, and important for Office 2002 and the Office Converter Pack, and for WordPad on Windows XP, Windows 2000, and Server 2003 (see at Microsoft). A malicious download or email attachment could target the holes.
PowerPoint Attacked
Though attackers are exploiting the aforementioned hole in PowerPoint, no patch is available at this writing. Office 2000, 2002, and 2003 are all vulnerable, as is Office 2004 for Mac (information at Technet).
DirectX also had a patch, affecting Windows 2000, XP, and Server 2003. Malicious Motion JPEG (MJPEG) files could target the flaw (see at Microsoft).
One other must-have patch affect Microsoft Windows HTTP Services, which could be targeted by a malicious Web site. MS09-13 (see at Microsoft) is critical for Windows 2000, XP, Server 2003, Vista and Server 2008.
IE, Firefox Fixes
A now-plugged vulnerability in IE 6 and IE 7 could have been exploited if you viewed a poisoned Web page. For IE 6 the hole is critical on Windows XP and important on Server 2003. For IE 7, it’s critical on XP and Vista, and important on Server 2003 and Server 2008 (see at Mircosoft for details).
Meanwhile, Firefox received two updates (to versions 3.0.9 and 3.0.10) to fix critical flaws that might let a miscreant crash the browser and attack a victim computer. Click Help–>Check for Updates.
Thanks, I enjoyed reading your post. Keep up with the good work. I’ll definitely be back for more.