Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Adobe Reader and Acrobat Security Updates

Published: 2011-04-21
Last Updated: 2011-04-21 17:41:20 UTC
by Guy Bruneau (Version: 1)
5 comment(s)

Adobe released important security updates for Adobe Reader X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh OS. The bulletin is posted here.

"CVE-2011-0611, is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat, as well as via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing."[1]


Affected software:

Adobe Reader X (10.0.1) and earlier versions for Windows
Adobe Reader X (10.0.2) and earlier versions for Macintosh
Adobe Acrobat X (10.0.2) and earlier versions for Windows and Macintosh

NOTE: Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are not affected by CVE-2011-0611.


[1] http://www.adobe.com/support/security/bulletins/apsb11-08.html

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: Acrobat Adobe Reader
5 comment(s)

Silverlight Update Available

Published: 2011-04-21
Last Updated: 2011-04-21 17:26:09 UTC
by Guy Bruneau (Version: 2)
2 comment(s)

Microsoft has issued a security patch for Silverlight KB2526954. It fixes six issues. However, the Microsoft link to KB2526954 is still not live. If you have Microsoft update running, it is ready to install. This is rated as important and will auto install.

Direct download http://go.microsoft.com/fwlink/?LinkID=149156

Update 1: Microsoft bulletin is now posted here.

[1] http://www.microsoft.com/getsilverlight/Get-Started/Install/Default.aspx

[2] http://support.microsoft.com/kb/2526954
 

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

2 comment(s)
Diary Archives