Both Microsoft and Adobe recently released security bulletins for reported vulnerabilities on their respective products, with Microsoft issuing 3 advisories, and Adobe finally releasing a patch to a previously discussed vulnerability.
Microsoft released the following security bulletins–one critical and two important–addressing several vulnerabilities:
- (MS09-006) Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690)
- (MS09-007) Vulnerability in SChannel Could Allow Spoofing (960225)
- (MS09-008) Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238)
On the other hand, a security update to resolve the CVE-2009-0658 vulnerability was released by Adobe. The said vulnerability has been identified in Adobe Reader 9 and Acrobat 9, and earlier versions. It is an array-indexing error when processing a malformed JBIG2 stream within a PDF document. It then could allow attackers to cause a vulnerable application to crash and execute arbitrary code by tricking a user into opening a specially-crafted PDF file. It could potentially allow an attacker to take control of the affected system.
In addition to the above, Adobe is planning to prepare updates for Adobe Reader 7 and 8, and Acrobat 7 and 8 by March 18, 2009. It will also announced the release of Adobe Reader 9.1 for Unix, to be done on March 25.
For more information regarding this vulnerability, you may refer to the link below:
Users are strongly advised to update their system with these latest patches.