Adobe Reader has a new patch, moving it to a current release of 9.4.4. This is not on their announced schedule of matching the Microsoft second-Tuesday patch release calendar. This patch requires a system reboot.

According to the Adobe release notes:

These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2010-2862).

These updates further mitigate a social engineering attack that could lead to code execution (CVE-2010-1240).

These updates incorporate the Adobe Flash Player update as noted in Security Bulletin APSB10-16.

Translation into non-technobabble: Without the patch, bad guys can run their programs on your computer, including malware installers.

In my opinion, all users should also turn off two features in Adobe Reader to reduce the possibility of third-party code running unapproved. In the Tools, Preferences menu, go to Javascript. Uncheck the top box. And in Trust Manager, uncheck the top box. The first option runs scripts, and the second runs embedded documents, including possible macro code. No one uses these features except malware writers.

Microsoft has the usual set of patches for the July 13th, Second Tuesday patch set–I see three for Windows 7, and three for Office 2007–be sure to get the ‘optional’ updates to the help files, because this month’s patches involve fixes to the help format that prevent remote code execution.

Other companies are using the Second Tuesday release date as well. This time Sun has an update for Java; your installations of Java should be 6, release 21.

The list of the most-commonly installed web file viewers and their current patch levels and links to version tests and installers has been updated, it’s here: www.startupware.com/patches

Adobe has updated Adobe Acrobat and Adobe Reader to version 9.3.3. The patch is available from the Help menu, under ‘Check for Updates’, and it’s an important security patch, correcting security holes currently being exploited by malware.

The patch alone is NOT adequate. ALSO, go to Edit, Preferences, and UNCHECK these two items:
In JavaScript, the top item ‘Enable Acrobat JavaScript’ should be unchecked.
In Trust Manager, the top item, ‘Allow opening of non-PDF file attachments with external applications’ should be unchecked.

The list of the most-commonly installed web file viewers and their current patch levels and links to version tests and installers has been updated, it’s here: //www.startupware.com/patches