Adobe has said for some time now that it will issue a patch for the .pdf vulnerability in Reader 9.2 and Acrobat. 9.2 on Patch Tuesday next week. The company had acknowledged that there is active exploitation of the weakness going on and advised users to turn off JavaScript capabilities.
Adobe also has said it will put out a beta version of Reader with an automatic update feature sometime in January then include the updater it in the next version release. The updater can be set to download updates automatically or on a controlled basis with notifications.
Microsoft apparently isn’t planning much for Patch Tuesday. The company’s Advance Security Bulletin Notification only lists one item – a patch for the various flavors of Windows. Only the fix for Microsoft Windows 2000 Service Pack 4 is rated as “critical.” For all other versions, the severity rating is “low.”
Security Advisory for Adobe Reader and Acrobat here.
Microsoft’s Security Bulletin Advance Notification for January 2010 here.
Tom Kelchner