Adobe has released updates for its Reader and Acrobat products in order to address several vulnerabilities that can be exploited to execute arbitrary code remotely.
The new 9.4.1 versions have been released only for Windows and Mac; the UNIX updates are scheduled to land on November 30.
Patched bugs include CVE-2010-4091, a memory corruption vulnerability disclosed as a zero-day at the beginning of the month.
Despite proof-of-concept exploit code being publicly available, no attacks exploiting this flaw have been detected in the wild so far.
There is reason to believe the issue has been known in some hacking circles since November 2009, when details about it were published on Russian-language blogs.
Now that Microsoft has made Office 2010 RTM available to the public, it falls on customers to make sure that their products are kept up to date.
But the Redmond company is making it extremely simple for end users and businesses that embraced the latest iteration of the Office productivity suite to find the Service Packs and CU updates for Office products.
Hosted on TechNet, the Update Center for Office makes it simple for customers to find the latest Service Pack, latest Public Update, latest Cumulative Update and general guidance for Office 2010.
At the same time, the online resources (Update Center for Microsoft Office, Office Servers, and Related Products) hosted on TechNet are not limited to Office 2010, but in fact cover all Office releases, as long as they are still supported by Microsoft.
This milestone in the product lifecycle of XP has generated a range of questions, some easier to answer than others. Below you will find a list of frequently asked questions along with answers, some right from Microsoft. Hopefully, the FAQ will be sufficient to provide guidance for customers that need to make the transition from XP SP2 to more recent releases of Windows.
1. How will XP SP2 customers be impacted by end of support for the service pack?
Microsoft software products evolve constantly, with major products receiving upgrades dubbed service packs. In the case of XP SP2, the upgrade was indeed massive, with some company employees noting that Service Pack 2 for Windows Vista’s successor could easily have been considered an entirely new Windows release. The software giant only offers support for Service Packs for 12 to 24 months after a new release. This period varies, and is connected with the product family. In the specific case of XP SP2, July 13th, 2010 will mark two years since the release of Service Pack 3.
While a vulnerability does exist in the latest Windows client and server platforms with Aero enabled, getting exploit code to work and carrying out successful attacks is unlikely. Microsoft downplayed the risk to users of Windows 7 64-bit, Windows Server 2008 R2 for 64-bit systems and Windows Server 2008 R2 Itanium systems, indicating that the new zero-day, for which details had been disclosed in the wild, was extremely hard to exploit. At the same time, the Redmond company underlined that it was not aware of any attacks targeting the flaw, or of exploit code capable of reaching execution.
Jerry Bryant, group manager, Response Communications, Microsoft, revealed that the new security hole resided in the Windows Canonical Display Driver (cdd.dll). Microsoft has already published Security Advisory 2028859, informing customers of the issue and offering advice on how to stay protected until a patch is offered.