The sole Microsoft patch fixes a “critical” flaw in PowerPoint. “Critical” means it’s a big deal. In this case, opening a maliciously crafted PowerPoint presentation could allow an attacker to execute code remotely on a victim’s computer. All versions of PowerPoint released in the past 10 years are vulnerable to this one.

Adobe is patching Reader/Acrobat to fix yet another problem associated with embedded JavaScript. This issue, as well as a work-around, was discussed in an earlier post here.

You can safely assume that the bad guys, knowing that people are often sloppy about security updates, will try to take advantage of both vulnerabilities. The Adobe Reader bug will likely be the primary target. Almost everyone has Adobe Reader installed on their computer and most folks are used to encountering PDF files on web sites.

Be careful out there.

Security researchers have turned up a couple more vulnerabilities in Adobe Reader (and Adobe Acrobat for those of you running the full, pay-for package). These flaws permit running arbitrary code on a target system without the user’s knowledge. This is triggered by tricking a victim into opening a maliciously crafted, JavaScript-enabled PDF document — typically, an email attachment or a document served up on an infected web site.

First off, ensure Adobe Reader/Acrobat is up to date. This will plug the holes fixed in the last round of updates. Check the Adobe Reader (or Acrobat) version by clicking on the Help menu and then choosing “About…” (If there are two “About” options, use the one that refers to Reader/Acrobat, not the one that says something about plug-ins.) For Reader 9 and Acrobat 9, the version displayed should be 9.1 or later; for Reader/Acrobat 8, it should be at least 8.1.3.

If the program is out of date, the easiest way to fix this is to again select the Help menu, but choose “Check for Updates…” This will download and install the appropriate updates.

For versions older than 8, it’s time to upgrade to the latest release.

Next, disable Adobe Reader/Acrobat JavaScript. Launch the program, click on the Edit menu and select “Preferences…” In the left pane of the Preferences window, choose “JavaScript”; to the right, near the top, un-check (clear) the box labeled “Enable Acrobat Javascript”. Click OK.

Even after this next round of bugs is patched, it is probably best to leave JavaScript disabled. It’s a potential vulnerability and rarely, if ever, used.

Check the Adobe Reader (or Acrobat) version by clicking on the Help menu and then choosing “About…” (If there are two “About” options, use the one that refers to Reader/Acrobat, not the one that says something about plug-ins.) For Reader 9 and Acrobat 9, the version displayed should be 9.1 or later; for Reader/Acrobat 8, it should be at least 8.1.3.

If the program is out of date, the easiest way to fix this is to again select the Help menu, but choose “Check for Updates…” This will download and install the appropriate patches.