Category Archives: Adobe

Patch Tuesday for March 2019

You know, it’s theoretically possible that we could get a Patch Tuesday with no updates to install. We’ve had months like that for Adobe products. Not for Microsoft, though, at least not in my memory.

Anyway… this month from Microsoft we have thirty-four updates, addressing seventy-five security vulnerabilities in Internet Explorer, Edge, Flash in Microsoft browsers, Office, and Windows. At least that’s what my analysis shows. The source of this information, Microsoft’s Security Update Guide, is a complex beast.

Reminder: these updates are only for versions that are still supported. Windows XP is no longer supported, and Windows 7 won’t be for much longer. Versions of Office older than 2010 are no longer supported, and Office 2010 support will end later in 2019.

It was a busy month for Adobe, with updates to Flash, Reader, and Shockwave.

Flash 32.0.0.171 includes fixes for two vulnerabilities in earlier versions.

Acrobat Reader DC, the variant of Adobe’s Acrobat/Reader product line you probably use, is up to version 2019.010.20099. The new version addresses twenty-one vulnerabilities in earlier versions.

Shockwave Player 12.3.5.205 addresses seven security bugs in earlier versions. You’re slightly less likely to have this software installed on your computer, but it’s worth checking if you’re not sure.

There are links to download the new versions on all the release announcement pages linked to above.

Acrobat Reader DC 2019.010.20098

Adobe logoAdobe’s Acrobat/Reader line of PDF viewers was recently updated to address a single security issue.

Although there are several variations of Acrobat and Reader, the one of interest to most people is the freeware Acrobat Reader DC (Continuous). That’s the one you probably have installed on your computer. The new version for that variant is 2019.010.20098.

Recent versions of Reader seem to update themselves in the background, courtesy of an update service called ARM that gets installed along with Adobe products. You can check which version you’re running by navigating Reader’s menu to Help > About Adobe Acrobat Reader DC.

Patch Tuesday for February 2019

Analysis of Microsoft’s Security Update Guide for February 2019 reveals that there are sixty-one distinct updates and corresponding articles in Microsoft’s support knowledge base.

At least seventy-seven vulnerabilities in Windows, Office, .NET, Internet Explorer, Edge, and Visual Studio are addressed by the updates. Twenty of the updates are flagged as Critical. Included in the updates is a new version of Flash for Internet Explorer and Edge.

As always, the easiest way to update Microsoft software is to use Windows Update, found in the Control Panel or System settings of your version of Windows.


Adobe once again adds to the patching load with new versions of Flash and Reader. Flash 32.0.0.142 addresses a single security vulnerability in earlier versions. The easiest way to check your Flash version and grab an update is to visit the Flash Help page.

Adobe Reader DC 2019.010.20091 includes fixes for at least seventy security bugs in earlier versions. Newer versions of Reader support auto-updates, but you can check for new versions by running Reader, and selecting Help > Check for Updates from its menu. If there’s a new version available, you’ll be prompted to install it.

Patch Tuesday for January 2019

Patch Tuesday: the gift that keeps on giving. Imagine a world where the second Tuesday in a month came and went, with no updates to install. Something to celebrate. Meanwhile, back in the real world, there’s an apparently infinite supply of software bugs out there, most as-yet undiscovered.

But back to the matter at hand. Microsoft’s Security Update Guide is still annoying to use on the web, so I recommend downloading this month’s patch details in the form of a spreadsheet. Navigate to the SUG, which by default will show the updates for this month. You should see a ‘Download’ link to the far right of the Security Updates heading. Click that link and open the spreadsheet in Excel or something compatible. In Excel, depending on the version, you should be able to enable the Filter feature, which makes each column heading a drop-down control, allowing you to filter and sort on any column. Very handy.

This month Microsoft is issuing seventy-three bulletins, each corresponding to an update for one or more security vulnerabilities. Forty-eight vulnerabilities are addressed by the updates, which affect the usual targets, namely Windows, Internet Explorer, Edge, Office, .NET, Flash (in IE and Edge), Visual Studio, and Exchange Server.

Windows 10 users will get relevant updates whether they want them or not, as will anyone using older versions of Windows with automatic updates enabled. The rest of us will need to head to Windows Update and click the Check for Updates button.

Adobe logoFrom Adobe, we get a new version of Flash, to go along with last week’s new version of Reader.

The latest Flash is version 32.0.0.114, and it includes fixes for feature and performance bugs, but — surprisingly — none for security bugs.

As usual, the Flash embedded in Chrome will update itself along with the browser, while IE and Edge updates are provided via Windows Update. Your Flash installation may be configured to install updates automatically, but if not, head to the main Flash Player page, which will let you know if you need an update, and provide links.

The new version of Reader (Acrobat Reader DC), made available by Adobe on January 3, is A2019.010.20069. Flash 2019.010.20069 includes fixes for two Critical security issues.

Newer installations of Reader seem to keep themselves up to date, but you can grab the latest version at the Get Reader page. Remember to disable the optional applications, or you’ll get what is likely unwanted software such as McAfee antivirus products.

Flash 32.0.0.101 fixes two security bugs

Released on December 5th, the latest Flash addresses two security vulnerabilities in earlier versions. The security bulletin for Flash 32.0.0.101 provides additional details.

If you’re still using Flash, you should install the new version as soon as possible. If you use a web browser with a Flash plugin enabled, don’t wait: update now. If you’re not sure whether your browser has Flash enabled, visit the Flash Player Help page with that browser. The Help page will detect Flash in your browser, tell you which version is installed, and provide a download link for the latest version.

Web browsers that include their own embedded Flash will be updated via their usual channels: for Microsoft browsers, that means Windows Update. Chrome usually updates itself automatically, but you can trigger an update by navigating its menu to Help > About Google Chrome.

Flash 31.0.0.153: security fix

There’s another new version of Flash: 31.0.0.153. A single Critical security vulnerability is addressed in this version. The vulnerability, when exploited, can allow for arbitrary code execution.

If you’re using a web browser with Flash enabled, you should update it as soon as possible. If you’re not sure whether your browser is enabled for Flash content, head over to the Flash Player Help page. If Flash is installed and enabled in your browser, your Flash version will be shown.

You can install Flash by visiting the main Flash installer page. Make sure to disable all the optional installation checkboxes on that page, or you’ll get unwanted software along with Flash.

As usual, Google Chrome and Microsoft’s browsers, which have their own embedded Flash viewers, are updated separately. Chrome will update itself; Edge and Internet Explorer are updated via the Windows Update service.

Patch Tuesday for November 2018

This month, we have fifty-six updates from Microsoft. The updates fix security issues in .NET, Office, Internet Explorer, Edge, Microsoft Project, SharePoint, PowerShell, Skype, and Windows. Analysis of the Security Update Guide for this month shows that a total of sixty-three vulnerabilities are addressed by the updates. Twelve of the vulnerabilities are flagged as Critical.

Windows 10 computers will have relevant updates installed automatically over the next few days. Those of you running older versions of Windows that don’t have automatic updates enabled will need to use Windows Update (in the Windows Control Panel) to check for new updates.

Adobe logoMeanwhile, Adobe released new versions of Flash and Reader. Flash 31.0.0.148 addresses a single security vulnerability in earlier versions. Reader DC 2019.008.20081 fixes a single security bug in earlier versions. Adobe software will usually update itself, unless you’ve explicitly disabled its automatic update features.

New Adobe Acrobat Reader fixes 80+ vulnerabilities

Adobe logoSecurity researchers from around the world apparently turned their attention to Adobe’s Acrobat and Acrobat Reader recently, and their efforts revealed a big pile of new vulnerabilities. Adobe responded yesterday, releasing new versions of its Acrobat-related products that address eighty-six of those vulnerabilities.

Although Acrobat and Reader exist in several different forms, the one most people actually use these days is Adobe Acrobat Reader DC (Continuous), and the latest version of that variant is 2019.008.20071.

If you use any paid version of Acrobat, or any of its free Reader variants, you should update it as soon as possible. This is particularly important if you open PDF files with uncertain provenance on the web or received in email. If you use Reader as a browser plug-in or extension, you should drop everything and update immediately.

Recent versions of Acrobat and Reader include an automatic update system, so your install may already be up to date. The easiest way to find out is to run it, then navigate its menu to Help > Check for Updates... If an update is available, you’ll be able to install it from there.

Adobe Acrobat Reader DC 2018.011.20063

Adobe logoAdobe usually releases security updates for its software on Patch Tuesday, but they apparently decided that the seven vulnerabilities addressed in Acrobat Reader DC 2018.011.20063 shouldn’t be delayed.

The release annoucement for Adobe Reader 2018.011.20063 provides some details about the vulnerabilities. One of them, CVE-2018-12848, can lead to Arbitrary Code Execution, and is flagged as Critical.

It’s important to keep Acrobat Reader DC up to date, because it’s still being used to deliver malware, embedded in PDF documents. It’s especially important if you’ve enabled Reader in your web browser.

If you use Acrobat Reader DC, you can check whether it’s up to date by navigating its menu to Help > About Adobe Acrobat Reader DC. There’s also a Check for Updates function in the Help menu. On my Windows 8.1 computer, a Windows Task Scheduler task (added by Adobe) updated the software within a few hours of the new version’s release.

Patch Tuesday for September 2018

Analysis of Microsoft’s Security Update Guide shows that this month’s updates address sixty-two security vulnerabilities, ranging from Low to Critical in severity, in the usual suspects, namely Edge, .NET, Internet Explorer, Office, and Windows. There are forty-five updates in all.

If you’re looking for a new way to evaluate Microsoft’s monthly patch offerings, I recommend Microsoft Patch Tuesday by security firm Morpheus Labs. It’s a lot less oppressive — and easier to use — than Microsoft’s Security Update Guide.

Adobe’s providing us with a new version of Flash this month. Flash version 31.0.0.108 fixes a single security vulnerability. As usual, the Flash code embedded in Chrome and Microsoft browsers will update itself through Google’s automatic update process and Windows Update, respectively.

Happy patching!