Critical Security Updates – Microsoft and Adobe

August 13, 2012

On Aug 14th, Microsoft and Adobe are to release security updates for their products. According to both companies’ official publications, some of the updates are considered “critical” and are meant to protect against attacks based on remote exploitation. We strongly recommend deploying these update as soon as they are released. It should be noted that in the period between the expected update release and implementation, the vulnerable systems are exposed to potential attacks, aimed to exploit these particular published vulnerabilities.

Cyvera TRAPS (Targeted Remote Attack Prevention System) aims to prevent exploitation of unknown and unpatched vulnerabilities. Therefore, end-points and servers in which Cyvera TRAPS is installed, will be highly-protected against exploits that target yet-to-be-disclosed vulnerabilities, even prior to the installation of these updates. Having stated that, we still recommend deploying these updates as soon as possible to avoid production-related issues, which may be caused due to dependency between updates.

Microsoft’s Updates
According to Microsoft’s advanced notification, nine security bulletins will be released as part of Microsoft’s Patch-Tuesday, five of them considered “critical”. The updates are relevant for multiple products, including Windows, Internet Explorer and Microsoft SQL Server. In addition, it should be emphasized that eight of the nine patches concern vulnerabilities that allow remote code execution.

Adobe’s Updates
According to the company’s pre-notification security advisory, critical updates will be released, affecting the following products:
- Adobe Reader X (10.1.3) and earlier 10.x versions for Windows and Macintosh
- Adobe Reader 9.5.1 and earlier 9.x versions for Windows and Macintosh
- Adobe Acrobat X (10.1.3) and earlier 10.x versions for Windows and Macintosh
- Adobe Acrobat 9.5.1 and earlier 9.x versions for Windows and Macintosh