May 08 2009

Alert: May 12th is “Patch Tuesday”

Published by at 13:27 under Alerts

May 12th is “Patch Tuesday,” the day Microsoft traditionally issues security updates. Adobe is also issuing a patch for Adobe Reader and Acrobat.

The sole Microsoft patch fixes a “critical” flaw in PowerPoint. “Critical” means it’s a big deal. In this case, opening a maliciously crafted PowerPoint presentation could allow an attacker to execute code remotely on a victim’s computer. All versions of PowerPoint released in the past 10 years are vulnerable to this one.

Adobe is patching Reader/Acrobat to fix yet another problem associated with embedded JavaScript. This issue, as well as a work-around, was discussed in an earlier post here.

You can safely assume that the bad guys, knowing that people are often sloppy about security updates, will try to take advantage of both vulnerabilities. The Adobe Reader bug will likely be the primary target. Almost everyone has Adobe Reader installed on their computer and most folks are used to encountering PDF files on web sites.

Be careful out there.

No responses yet

Trackback URI | Comments RSS

Leave a Reply