Threat Level: Orange

Acrobat 8 and Adobe Reader 8 Patch Available

Vulnerabilities have been discovered in Adobe Acrobat Professional, 3D and Standard 8.1.2 and earlier versions and also Adobe Reader 8.1.2 and earlier versions.

From Core Security Technologies:

Adobe Reader suffers from a stack buffer overflow when parsing specially crafted (invalid) PDF files. The vulnerability is caused due to a boundary error when parsing format strings containing a floating point specifier in the "util.printf()" JavaScript function. Successful exploitation of the vulnerability requires that users open a maliciously crafted PDF file thereby allowing attackers to gain access to vulnerable systems and assume the privileges of a user running Acrobat Reader. Adobe Reader version 9, which was released in June 2008, is not vulnerable to the reported problem.

Adobe has issued patches for the affected versions but as a best-practice it is advisable to get the most recent version. Please note that Adobe Reader version 9 is not vulnerable to the exploit.

To check which version you are using, open up your Adobe application and click on Help then About.

If you have an affected version visit the Adobe link below to locate your version and then follow that link.

Now is the time, if you haven't already done so

If you have not updated your computer recently, now would be a good time to do it. It is quite common for the bad guys to ramp up their efforts of exploiting machines during the few days following an update being published; don't get caught with your pants down.

Microsoft Security Advisory (958963)

Exploit Code Published Affecting the Server Service

Published: October 27, 2008

Microsoft is aware that detailed exploit code demonstrating code execution has been published on the Internet for the vulnerability that is addressed by security update MS08-067. This exploit code demonstrates code execution on Windows 2000, Windows XP, and Windows Server 2003. Microsoft is aware of limited, targeted active attacks that use this exploit code. At this time, there are no self-replicating attacks associated with this vulnerability. Microsoft has activated its Software Security Incident Response Process (SSIRP) and is continuing to investigate this issue.

Our investigation of this exploit code has verified that it does not affect customers who have installed the updates detailed in MS08-067 on their computers.  Microsoft continues to recommend that customers apply the updates to the affected products by enabling the Automatic Updates feature in Windows.

This security advisory follow on the heels of Microsoft Security Bulletin MS08-067 - Critical which was published October 23, 2008 and in part had this to say.

This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated Important for all supported editions of Windows Vista and Windows Server 2008.

Get updated using Internet Explorer and logged on as an Administrator, go to the Windows Update site. Do it now!

Read the full Microsoft Security Advisory (958963)