Huge Patch Tuesday from Microsoft and Adobe

There are enough software patches being released these days that users can easily become numb to the noise.  But if you review the list of vulnerabilities addressed by the latest patches released by Microsoft and Adobe on October 12, you’ll wake up quickly.

The Microsoft list is compelling, including a “critical” fix for all supported releases of Internet Explorer, including Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, Internet Explorer 7, and Internet Explorer 8.  (Yup, that’s right IE 5.01 is still loose in the wild.)

It’s worth mentioning that the version of IE 8 that is part of Windows 7 includes vulnerabilities that are addressed by this patch.

The official post from Microsoft has all the details… get the patch via Windows Update… always beware of fake patch download sites.

Adobe also jumped in with a security update for Acrobat Reader.   According to the official post from Adobe, just about every version of Acrobat reader is impacted.  The post is short of details, only saying that the vulnerabilities “could potentially allow an attacker to take control of the affected system”. It’s worth mentioning that the security advisory lists 29 different defects as being fixed by the patch.

And if you think this doesn’t matter, read this post from Trend Micro, describing an exploit found in the wild.  That ought to provide a little incentive.

The aforementioned Adobe post contains links where downloads can be obtained straight from Adobe.

As mentioned before, it’s important to keep your Acrobat reader installation up-to-date.