Critical Updates from Microsoft, Adobe, and Oracle


Wolfgang Kandek, CTO of Qualys, explains further: "Blacklisting is a capability introduced by Adobe in their last update to Adobe Reader v9 and v8 in October 2009 and might not be familiar to many IT admins yet. An alternative recommendation is to turn off JavaScript completely in Adobe Reader--JavaScript has played a major role in the in 2009, so this is a good preventive and defensive measure. As this setting disables functionality potentially needed by users, IT admins need to evaluate their individual situations."

Oracle joined the party as well, rolling out a . The Oracle update contains a total of 24 updates affecting seven different Oracle products. Most of the vulnerabilities are remotely exploitable without authentication, making them critical security concerns. Database servers should not be exposed to the network, but IT administrators need to scrutinize affected application servers to determine the amount of risk the servers are exposed to.

Zero-Day Exploits

Qualys' Kandek also noted that Intevydis, a Russian security research firm, announced last week that it plans to over the next three weeks. "The first two are live and have POC [proof-of-concept] code for Sun Directory Server 7.0 and Tivoli Directory Server 6.2. We are monitoring these releases and will keep you updated on further developments."

Tony Bradley tweets as , and can be contacted at his .