Earlier this week, I wrote about the imminent release of 34 patches in Microsoft's largest Patch Tuesday to date. I highlighted a number of reasons in that blog why this update is significant. Well, the second Tuesday of October 2009 has come and gone, and I hope things went smoothly for your SMB.
Today, I want to draw your attention to another company that also released a number of security updates for its products Tuesday. Though nowhere as prominent as Microsoft, it is clear that the patches released by Adobe are no less important, if you consider the pervasiveness of the affected Adobe Reader and Acrobat software.
In fact, many computer makers pre-install Adobe Reader as default on systems they sell. This is of particular concern to SMBs, since they are more likely to use a new system out of the box as opposed to overwriting the default system with a pre-configured enterprise image. Compounding matters are the many applications that helpfully attempt to install Adobe Reader so customers can access PDF manuals or help files.
This week, Adobe rolled out fixes for 29 different vulnerabilities in its Acrobat family of applications. Affected versions of the popular PDF software
could be found across all the platforms -- Windows, Mac and Linux. In fact, I think it would be accurate to say that if you use Adobe Reader or Acrobat, you need to patch -- now.
Few are sympathetic toward Adobe though, despite the company's efforts to fix the bugs. TG Daily sums up the Adobe situation this way:
"When you consider that MS issued 34 patches covering seven application families and three operating systems, while Adobe had to plug 29 holes in just two apps, one wonders which of the two companies has furthest to go in terms of providing secure products."
Of course, if you've been following me on this blog, you would have realized that I am no fan of Adobe's bug-ridden and constantly targeted Adobe Reader and Acrobat applications. In the past, I have recommended that SMBs consider alternatives to Adobe Reader due to the many vulnerabilities and exploits "in the wild" that takes advantage of these flaws. Indeed, my sentiment to switch away from Adobe's PDF reader was mirrored by IT Business Edge's security blogger Ralph DeFrangesco.
My recommendation is simple: Either patch as soon as possible, or switch to an alternative reader. To patch, visit the Security Bulletin page here. (Warning: It's a long page.) If you decide to make a switch however, feel free to read up on what I have to say in an earlier blog titled: "A Free Alternative to Adobe Reader."