Category Archives: Adobe

Patch Tuesday for July 2021

It could be argued that Microsoft has done us all a favour in making Windows 10’s updates unavoidable. Certainly, as long as nothing goes wrong, it’s less work than futzing around with Windows Update on every computer. And forced updates mean that Windows computers used by less tech-savvy folks stay up to date with security fixes, which makes everyone safer.

It’s also true that increasingly, software and firmware updates for all our devices happen whether we want them or not. By default, mobile devices update themselves. Other electronic equipment, like smart televisions, digital video recorders, amplifiers, and even some network equipment are now doing the same.

But I just can’t shake the feeling of discomfort I get when I think about my computer being messed with at the whim of some Microsoft flunky. Perhaps some day I’ll be more comfortable with it. In the meantime, as long as Microsoft continues to screw up updates, sometimes breaking thousands of computers worldwide, I’ll continue to feel this way.

This month’s Microsoft updates

According to my analysis of the data available from Microsoft’s Security Update Guide, we’ve got updates for Edge, Office, Exchange Server, SharePoint, Visual Studio Code, Windows (7, 8.1, and 10), and Windows Server, addressing a whopping one hundred and thirty-three vulnerabilities in all.

As usual, Windows 10 updates will be installed automatically over the next few days, although you may — depending on your version of Windows 10 — be able to delay them for about a month. You can check for available updates and install them right away by heading to Start > Settings > Update & Security > Windows Update.

Windows 8.1 users also have the option of using automatic updates, but if that’s disabled, you’ll need to go to Start > PC Settings > Update & Recovery > Windows Update.

There seem to be one or two updates that are freely available for all Windows 7 computers, so it’s worth checking Windows Update. When Microsoft releases free updates for Windows 7, you know they’re important. Go to Start > Control Panel > Windows Update to check.

Adobe Updates

Adobe joins the fun again this month, with an updated version of the free and still ubiquitous Adobe Acrobat Reader. Version 2021.005.20058 of Reader includes fixes for thirteen security bugs.

Reader normally updates itself, but you can make sure, by navigating its menu to Help > Check for updates...

Firefox 90

Perhaps coincidentally, there’s also a new version of Firefox today. Firefox 90 addresses nine security vulnerabilities in earlier versions.

By default, Firefox will update itself, but you can encourage it by clicking its ‘hamburger’ menu at the top right, and navigating to Help > About Firefox.

New version of Reader fixes two security bugs

Adobe logoAnother new version of Adobe Reader (aka Adobe Acrobat Reader DC) was released last week. Reader version 2021.005.20048 includes fixes for two security vulnerabilities, both of which were apparently discovered by independent security researchers.

Unless you’ve disabled the function, Reader will update itself shortly after a new version becomes available. I usually find that by the time I become aware of a new version, Reader has already updated itself on my main PC.

You can check Reader’s version by navigating its menu to Help > About Adobe Acrobat Reader DC. You can check for and install any pending updates by navigating its menu to Help > Check for Updates...

New versions of Acrobat and Reader

Adobe logoEarlier this week, timed to coincide with Microsoft Patch Tuesday, Adobe released new versions of its PDF authoring tool Acrobat, as well as its free PDF viewer, Reader.

The new versions address ten security vulnerabilities in earlier versions. The new version of Acrobat Reader (DC) is 2021.001.20155.

If you have Adobe Reader installed on any of your computers, you should check whether it’s up to date, and install the new version if it’s not. You can do that by running Reader, and navigating its menu to Help > About Adobe Acrobat Reader DC.

You can install the latest version of Reader by navigating its menu to Help > Check for Updates.

Patch Tuesday for February 2021

We’re gradually moving into a world where the software we use every day is maintained remotely, because it runs on or from a remote server, or because it automatically updates itself. This is widely viewed as progress, since the responsibility of protecting everyone from vulnerable software moves away from software users, to software producers. Responsible software producers no longer simply create and sell software, developing and making available updates when necessary; they are taking on the task of deploying those updates to user platforms.

There are drawbacks to this approach. Many people — including myself — are reluctant to cede control of the software we use to faceless corporate drones. We are wary of allowing corporate interests control what we see on our computers. With Windows 10, everything is in place to allow Microsoft to sell advertising space on your computer screen. We shudder to think of the nightmare scenarios resulting from bad (and unavoidable) updates.

For those of us who are resistant to these changes, there are options. Most software that automatically updates itself includes settings to disable auto-updates in favour of manual updates. Notable exceptions are Windows 10, and almost all Google and Adobe software.

There are other problems. Once, every update came with release notes and change logs. Increasingly, the details of changes in updates are not published, and users must simply trust that software producers only ever intend to make things better for us. Sadly, that is not always the case. The Windows desktop client for Spotify is a good example: it’s buggy, unstable, crash-prone, and although it is updated frequently, new versions are not documented in any way. Installing Spotify updates is a game of Russian Roulette, and it’s not optional.

Where do we go from here?

Updates should always be optional. Sure, install them by default, but provide settings to allow users to fully control whether and when updates are installed. At the very least, this would make updates much less stressful for business and educational IT staff. How about providing a free version that automatically updates itself and allows advertising, and a reasonably-priced version that allows control over updates and advertising? I’d be willing to pay a few bucks extra to have that kind of control.

Meanwhile, back to reality

Here in the real world, we’ve got more updates from Microsoft and Adobe, many of which are not optional. Some of these updates are not available for free, and are instead prohibitively expensive (e.g. all updates for Windows 7).

First up it’s Microsoft, with software updates addressing fifty-six vulnerabilities in .NET, Edge, Office, Sharepoint, Visual Studio, VS Code, Windows, and Defender.

If you try to count the number of distinct updates, your numbers will vary, depending on what you’re counting. As such, I will no longer be attempting update counts.

You can wade through the details yourself, using the new, ‘improved’ Security Update Guide. You can also find a summary on the official release notes page for this Patch Tuesday.

Several of this month’s updates address critical vulnerabilities that are being actively exploited. Which of course drives home the point that people really need to update, as soon as possible. Which in turn is a strong argument for forcing those updates. Welcome to the new update hell reality.


Adobe logoAdobe has been installing automatic update mechanisms on your computer for a few years now. As with Google software, this is accomplished using a variety of techniques that are also used by malware: to make sure they are always enabled, to reinstall themselves when removed, and to remain hidden as much as possible. While it is possible to remove or disable these update mechanisms, doing so is an exercise in frustration, because they will return, sometimes in a form that’s even more difficult to remove. The only real solution is to avoid using such software.

If you’ve ever opened a PDF file on your computer, there’s a good chance that it opened in Adobe’s free Acrobat Reader. In which case that software is updating itself automatically, using a system service called Adobe Acrobat Update Service.

Adobe released a new version of Reader on February 9: 2021.001.20135. This new version addresses at least twenty-three security vulnerabilities in earlier versions. Since it’s difficult to know exactly when automatic updates will occur, it’s a good idea to check. On Reader’s menu, navigate to Help > About Adobe Acrobat Reader DC. If your version is out of date, select Help > Check for Updates on Reader’s menu to install the new version.

Patch Tuesday for January 2021

There’s no stopping the juggernaut of monthly updates coming from our pals in Redmond.

This month’s load of updates, based on analysis of the new, ‘improved’ Security Update Guide, shows that we have updates for Edge, Office (2010, 2013, 2016, and 2019), Sharepoint, SQL Server, Visual Studio, Windows (7, 8.1, and 10), and Windows Server (2008, 2012, 2016, and 2019), addressing eighty-three security vulnerabilities in all.

There’s a summary of this month’s updates linked from the SUG, but as usual, it’s bafflingly incomplete.

Windows 8.1 computers can get this month’s updates via Windows Update in the Control Panel. Windows 10 computers will get the updates over the next few days, unless they’ve been configured to delay updates temporarily. Windows 7 users are still basically out of luck.

Flash is DEAD

Adobe’s kill switch for Flash went into effect as scheduled yesterday. Any Flash media you try to view from now on will show a placeholder image, which links to the End Of Life announcement for Flash.

That includes any Flash media you have lying around on your computer. For example, I found the Flash test animation on my main computer and uploaded it to my web server, where until January 12, it worked perfectly. That same Flash animation used to show on the main Flash help page, but of course that page now shows the placeholder as well.

And so ends the long, exasperating, security nightmare that was Flash. Good riddance.

Adobe Reader update, Flash ‘kill switch’

Adobe logoEarlier this week, Adobe released new versions of its Acrobat/Reader product line, to address a lone security vulnerability in earlier versions.

The new version of Acrobat Reader DC, which is the free — and widely used — version of Acrobat, is 2020.013.20074.

Recent versions of Acrobat and Reader usually manage to update themselves, but if you use either of them for viewing PDF files from untrusted sources, you should make sure you’re running the latest version. In Acrobat Reader DC, navigate its menu to Help > Check for Updates... If a newer version is available, you’ll see an option to install it.

Flash ‘Kill Switch’

We expected Adobe to show warnings in Flash after its development and support end in January 2021. Now comes news that Adobe is taking the rather drastic step of preventing Flash content from playing at all after January 12.

It’s not clear whether it will be possible to override this behaviour, so anyone who still relies on being able to play Flash content after January 12 should be looking into alternatives.

Adobe Reader update

Adobe logoLast week Adobe released new versions of its Acrobat and Reader products, to address fourteen security vulnerabilities in earlier versions.

In the Adobe product lineup, Acrobat is the commercial PDF builder, while Reader is the free PDF viewer. At one time you pretty much needed to have Reader installed to view PDF files, but these days PDF viewer functionality is increasingly built into operating systems and web browsers.

The new version of Reader — officially referred to as Acrobat Reader DC — is 2020.013.20064. Details are available in the related Adobe Security Bulletin.

All of Adobe’s Acrobat/Reader products update themselves by default, and there’s apparently no simple way to disable that feature. Still, if you have Reader installed, and you use it to view PDF files obtained from email or the web, it’s a good idea to make sure it’s up to date.

To check for updates, start Reader and navigate its menu to Help > Check for Updates... If there’s a newer version available, you’ll be prompted to install it.

Flash update and upcoming retirement

Last week, on Patch Tuesday, Adobe released a new version of Flash that addresses a single critical vulnerability in previous versions.

The security bulletin for Flash 32.0.0.445 provides some additional context.

Anyone still using Flash, and in particular if Flash is enabled in Internet Explorer 11, Edge, or Google Chrome, should install the new version.

The easiest way to obtain the latest version of Flash is to go to the Get Flash page on the Adobe web site.

You’ll probably notice a warning at the top of the Get Flash page: “Important Reminder: Flash Player’s end of life is December 31st, 2020. Please see the Flash Player EOL Information page for more details.” That’s right, Flash is nearing the end of its troubled life.

Adobe plans to retire Flash at the end of 2020. After that, Adobe will no longer update or distribute Flash. They won’t fix security vulnerabilities, and you won’t be able to download it from Adobe’s web site. Adobe recommends removing Flash from all systems by the end of 2020.

Flash will live on, of course. But leaving Flash installed and enabled in browsers will become increasingly risky, as any new vulnerabilities will not be fixed by Adobe. If you must continute to use Flash for work-related activity, try to use it only as needed, and never to view content obtained from unverified Internet sources. Use a separate browser just for viewing Flash content if possible.

Adobe Reader security fixes

Adobe logoEarlier this week Adobe released new versions of its Acrobat/Reader product line, to fix a series of security vulnerabilities in earlier versions.

There are at least eight variants of Adobe Acrobat and its free counterpart, Reader, which can be confusing. Mitigating this potential confusion is the fact that the huge majority of people who have one of these products installed are using the free Acrobat Reader DC.

The release notes associated with this set of updates reveals that the new versions address at least twenty-six security vulnerabilities in earlier versions. Many of the vulnerabilities are flagged as Critical. The updated version of Acrobat Reader DC is 2020.012.20041.

With default settings, recent versions of Reader will update themselves, on a schedule determined by Adobe, within a few days of a new version’s release. Although it’s possible to override this default behaviour, doing so requires installation of an additional tool or editing the Windows registry directly.

If you’d like to check the version of Reader you’re using, navigate Reader’s menu to Help > About Adobe Acrobat Reader DC. To check for updates and install the latest version, go to Help > Check For Updates...

Adobe Flash 32.0.0.387

A new version of Flash was released by Adobe earlier this week.

Flash 32.0.0.387 fixes a single security vulnerability in earlier versions.

If you use Flash, and in particular if you use a web browser with Flash enabled, you should make sure you’re running the latest version.

The easiest way to determine whether you’re running Flash is to visit the Flash Player Help page on the Adobe web site. Click the Check Now button to see the version your browser is running. Further down the page, there’s a small Flash demo that you can use to verify that Flash is installed and running in your browser. Your browser may also block Flash or prompt you to allow Flash to run.

Also on that page there’s a link to Download the latest version of Flash Player.

Adobe will stop supporting and updating Flash after December 31, 2020. At that point we’ll be recommending that everyone completely disable and/or remove Flash from all their computers, unless there’s some specific reason it’s still needed. And the world will be a much better place.