Vulnerabilities affect Adobe Reader X and earlier versions for Windows and Macintosh, Adobe Reader 9.4.2 and earlier for Unix, and Adobe Acrobat 10.1 and earlier for Windows and Macintosh.

Adobe as usually recommends to update Adobe Reader to the new version released today. This is Adobe Reader 10.1.1 for Windows and Macintosh, and Adobe Raeder 9.4.5 for Unix, as well as Adobe Acrobat 10.1.1 for Windows and Macintosh.

The security bulletin offers vulnerability details and download links for all Adobe Reader and Acrobat updates.

Microsoft today has released five security bulletins that affect Microsoft Windows, Microsoft Server Software and Microsoft Office. The maximum severity of all five bulletins is Important, the second highest rating available.

Windows Update is already picking up the updates online. Windows users can check for updates in their operating system to download and install the patches right now.

You find summaries for all five bulletins below. Follow the link for detailed descriptions of each security bulletin.

• MS11-070 – Vulnerability in WINS Could Allow Elevation of Privilege (2571621) – This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow elevation of privilege if a user received a specially crafted WINS replication packet on an affected system running the WINS service. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
• MS11-071 – Vulnerability in Windows Components Could Allow Remote Code Execution (2570947) – This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate rich text format file (.rtf), text file (.txt), or Word document (.doc) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-072 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505) – This security update resolves five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1986 and CVE-2011-1987.
• MS11-073 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634) – This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file or if a user opens a legitimate Office file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited either of the vulnerabilities could gain the same user rights as the logged on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS11-074 – Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858) – This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft SharePoint and Windows SharePoint Services. The most severe vulnerabilities could allow elevation of privilege if a user clicked on a specially crafted URL or visited a specially crafted Web site. For the most severe vulnerabilities, Internet Explorer 8 and Internet Explorer 9 users browsing to a SharePoint site in the Internet Zone are at a reduced risk because, by default, the XSS Filter in Internet Explorer 8 and Internet Explorer 9 helps to block the attacks in the Internet Zone. The XSS Filter in Internet Explorer 8 and Internet Explorer 9, however, is not enabled by default in the Intranet Zone.

You find deployment priority information and the severity index at the Technet blog.

• Microsoft Security Bulletin MS10-001 – Critical Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font in client applications that can render EOT fonts, such as Microsoft Internet Explorer, Microsoft Office PowerPoint, or Microsoft Office Word. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  This security update is rated Critical for Microsoft Windows 2000, and is rated Low for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Adobe has released security updates for Adobe Reader and Adobe Acrobat which patch critical vulnerability in Adobe Reader 9.2 and Adobe Acrobat 9.2 for Windows, Macintosh and Unix as well as Adobe Reader 8.1.7 and Acrobat 8.1.7 for Windows and Macintosh.

• These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system. Adobe recommends users of Adobe Reader 9.2 and Acrobat 9.2 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3 and Acrobat 9.3. Adobe recommends users of Acrobat 8.1.7 and earlier versions for Windows and Macintosh update to Acrobat 8.2. For Adobe Reader users on Windows and Macintosh who cannot update to Adobe Reader 9.3, Adobe has provided the Adobe Reader 8.2 update. Updates apply to all platforms: Windows, Macintosh and UNIX.

Most users probably do not mind the regular automatic update checks but some might prefer to update Adobe software products manually. This is important in business environments where patches are extensively tested before applied to client machines.

It is actually not a big problem to disable Adobe Updater if an Internet connection is available. All that needs to be done is to execute the Adobe_Updater.exe file that is located in the Program Files\Common Files\Adobe\Updater6 directory on the hard drive. The application will perform an update check and notify the user about updates. The updates won’t be installed however until the user clicks on the Download And Install Updates button.

A click on Preferences will load the configuration screen shown in the above screenshot. Unchecking the “Automatically check for Adobe updates” box will do the trick. Mac OSX users can basically do the same. The location of the Adobe Updater program on their system is /Applications/Utilities/Adobe Utilities/Adobe Updater5/.

Update: Adobe Updater is available as a separate download from the Adobe website. The program has not been updated since 2009, which may indicate that the program is either no longer used by Adobe, or integrated into their software programs by default to make external installations unnecessary.

The updater, according to the product page, fixes “networking problems, “speed and cpu problems”, “stability problems” and some Internet Explorer related issues.

The program available for download is only compatible with Adobe Creative Suite 4 software or Creative Suite 4 components. Other Adobe products that are not part of the Suite are not supported.