How to get it…

• If you have automatic updates enabled and set up to download more than just core Windows updates, you should be offered Office 2007 SP2 automatically.
• You can download it directly from Microsoft.
• Or, you can get SP2 from a third party such as BetaNews fileforum.

So far, the SP2 update seems to be pretty well behaved. It reset my default news reader setting, but that was a minor irritation, easily corrected. If I encounter any significant issues, I’ll post them here.

Oh, one more thing: If you are running Windows XP, you must have Service Pack 3 installed before you can install Office 2007 SP2. For Vista, Service Pack 1 is required.

Security researchers have turned up a couple more vulnerabilities in Adobe Reader (and Adobe Acrobat for those of you running the full, pay-for package). These flaws permit running arbitrary code on a target system without the user’s knowledge. This is triggered by tricking a victim into opening a maliciously crafted, JavaScript-enabled PDF document — typically, an email attachment or a document served up on an infected web site.

First off, ensure Adobe Reader/Acrobat is up to date. This will plug the holes fixed in the last round of updates. Check the Adobe Reader (or Acrobat) version by clicking on the Help menu and then choosing “About…” (If there are two “About” options, use the one that refers to Reader/Acrobat, not the one that says something about plug-ins.) For Reader 9 and Acrobat 9, the version displayed should be 9.1 or later; for Reader/Acrobat 8, it should be at least 8.1.3.

If the program is out of date, the easiest way to fix this is to again select the Help menu, but choose “Check for Updates…” This will download and install the appropriate updates.

For versions older than 8, it’s time to upgrade to the latest release.

Next, disable Adobe Reader/Acrobat JavaScript. Launch the program, click on the Edit menu and select “Preferences…” In the left pane of the Preferences window, choose “JavaScript”; to the right, near the top, un-check (clear) the box labeled “Enable Acrobat Javascript”. Click OK.

Even after this next round of bugs is patched, it is probably best to leave JavaScript disabled. It’s a potential vulnerability and rarely, if ever, used.

It’s generally a good idea not to let security updates slide for very long. Once the word is out, the bad guys try to reverse-engineer the patches. If they find anything particularly juicy, they take advantage of the fact that many people are remiss about applying the patches. For instance, the primary mode of infection used by the currently infamous Conficker worm is a vulnerability that was fixed several months ago.

A little side-note: April 14, 2009 is also the day Windows XP goes on “extended support.”

Check the Adobe Reader (or Acrobat) version by clicking on the Help menu and then choosing “About…” (If there are two “About” options, use the one that refers to Reader/Acrobat, not the one that says something about plug-ins.) For Reader 9 and Acrobat 9, the version displayed should be 9.1 or later; for Reader/Acrobat 8, it should be at least 8.1.3.

If the program is out of date, the easiest way to fix this is to again select the Help menu, but choose “Check for Updates…” This will download and install the appropriate patches.