When will the patching ever end? We patch and patch and patch again Adobe, Java and Windows software every month. Sometimes the updates have a way of creating their own havoc via installations that go awry or creating another incompatibility.
Tuesday the 13th of October will be a patching day for many people. In addition to the Adobe patch being released, Microsoft is releasing patches covering 13 bulletins and 34 vulnerabilities. Microsoft is listing most of the 13 patches as critical, their highest rating. The Adobe Reader vulnerability is reported to be in the wild and attacks via emailed PDF documents. Adobe has also given this flaw the critical vulnerability rating.
Installing updates is never a task that is anticipated with any eagerness by system administrators and even less by the majority of regular users. If it weren't for auto-updating or reminder services running on most computers, many computers would not be patched.
Applying the updates in Windows isn't too big a deal for regular users. For system administrators, the thought of patching usually means re-booting servers, a task usually done when impacting the least number of users, most often late at night. They also have the nagging feeling that something could always go wrong. Murphy's Law is not unknown to system administrators.
Patching Adobe Reader has always meant installation of the entire program. While it is true that Adobe makes this easy for the regular users, they certainly do not go out of their way for a system administrator who has to update multiple machines. The exploit after all is specifically targeting corporate users. So it makes sense for Adobe to be more accommodating to the system admins. Adobe does have a method for sys admins but it requires you to apply and wait for approval before being able to download packages suitable for wide deployment.
Adobe keeps a three-month cycle on security updates. I think that timeframe is fair enough but they need to relax the requirements to obtain the mass-deployment packages. They want the corporate users to use their products and Adobe Reader is firmly entrenched in the marketplace. So why not make it easier on the system administrators around the globe who are deploying their product?
On Tuesday, if you use Adobe Reader and share PDF files via email, then you should update to this newer patch. As far as the Microsoft updates are concerned, most will be taken care of via Automatic Update features in Windows. If you do not have this feature turned on then you should consider reading about which updates apply to you.
If we truly want to defeat the criminal presence on the Internet, then security becomes everyone's responsibility. If you use a computer, take the time to keep it patched and updated because no matter what software you use, there will always be a flaw hidden somewhere.
