Tuesday, February 26, 2008

Adobe Vulnerability Requires Update to Adobe Acrobat and Adobe Reader

Adobe Acrobat and Adobe Reader users should install Adobe's new 8.1.2 update immediately to protect themselves from potential software vulnerabilities, according to ITS Security Operations and Services (SOS).

Adobe has recently released Acrobat/Reader version 8.1.2 to combat the Zonebac trojan vulnerabilities in all previous Acrobat and Reader versions (8, 7.0.9, 7 and earlier). Adobe Reader is installed on all Enterprise computers.

If you are currently in the Enterprise Network (AG domain), IT will automatically update Adobe Reader on your computer starting Wednesday February 27th. Your computer will receive the update the first time it is available on the network. You do not need to leave your computer in the office that evening.

If you are not a part of the Enterprise Network, please see our How To Install and Configure Adobe Reader for Windows for steps on updating Adobe Reader to the current version.

Keep in mind, only version 8 of the "full" Adobe Acrobat can be updated for free. If you are still using a previous version of the "full" Adobe Acrobat (versions 7 and earlier), you should purchase a license for Adobe Acrobat 8. This is available to faculty, staff and students at the Penn State Computer Store at http://www.computerstore.psu.edu/. Once the software has been purchased, you can remove the vulnerable older version, install the new version, and then visit the Adobe Web site at http://www.adobe.com/ to apply the necessary product updates.

Adobe Acrobat is Departmental Site Licensed software. If you search for Adobe Acrobat 8.0 in the Computer Store's Product Quick Search box, you will see a Acrobat Pro 8.0 Win License ($40.00 SLWNSR040 ) and Acrobat Pro 8.0 Win Media ($5.00 SMWNSR036). These are sold separately. Why? Often a Department will buy 1 copy of the media. Then Faculty or Staff purchase their individual license for $40. You can then sign out the departmental CD for the install. But, if you want a CD of your own, you would need to purchase both a copy of the media along with a paper license.

Thursday, February 21, 2008

Sun Releases Java(TM) 6 Update 4

As of Feb 21, 2008, the current version of Sun's Java client is Java(TM) 6 Update 4.

Plase follow our "How To Update Sun's Java Software" to update your Java software.

Fixed:
This update fixes a security issue allowed malicious people to bypass security restrictions and run malicious XML data within a trusted applet or Java Web Start application.

Note:
Older versions of Sun Java are not removed from your system when downloading and installing new versions from Sun. Therefore, if you have the latest Sun Java version installed, then you should consider removing all older versions of Sun Java from your system. This can be done via "Add/Remove Programs" in the Microsoft Windows "Control Panel".

Monday, February 11, 2008

Cisco VPN Client 5.0.02 Released

An updated version of the Cisco VPN Client is now available from downloads.psu.edu.

Virtual Private Network (VPN) software is used by Penn State faculty, staff and students when connecting to a Penn State network from any other ISP (internet service provider). For example, if you take a EN notebook on the road, you should connect with the the VPN Client software as soon as you establish a network connection. Then you can open OWA or browse the Internet.

The Cisco System VPN Client is installed on all Enterprise computers.

Action Required:
Please see our How To Install the VPN Client v5.x for Windows XP for steps on updating the Cisco VPN client to the latest version.

To determine what version of the VPN client installed on your computer, from the Start menu choose All Programs then click Cisco Systems VPN Client. From the Help menu choose About VPN Client. If the version is lower than 5.0.02, you should update the VPN software.

[UPDATE Feb 14, 2008] We have had reports of the VPN install process locking up in County Extension Offices. The steps now include unplugging the network cable from the machine at the appropriate time. If the computer is connected to the network during the install, the process will not complete! This may be difficult for desktops but it is required.
-jsw

Thursday, February 07, 2008

QuickTime 7.4.1 Update Released

On Feb 7, 2008, an updated version of QuickTime was released (7.4.1). This update fixed an issue where visiting a malicious website could lead to an unexpected application termination or arbitrary code execution. See more details here.

QuickTime is installed on all Enterprise computers. Apple's QuickTime software allows your Enterprise computer to view graphics, videos, on-line video streams (ex: Candidate Interviews in the College), and more.

Action Required:
Please see our How To Install QuickTime for Windows using the Standalone Installer for steps on updating QuickTime to the latest version.

Wednesday, February 06, 2008

Update to Adobe Reader v8 released (8.1.2)

On February 6, 2008, an update to version 8 of Adobe Reader was released (8.1.2). This update addresses a number of customer workflow issues and security vulnerabilities while providing more stability. More here.

UPDATE 2-25-08: Adobe Acrobat and Adobe Reader users should install Adobe's new 8.1.2 update immediately to protect themselves from potential software vulnerabilities, according to ITS Security Operations and Services (SOS). If you are currently in the Enterprise Network (AG domain), IT will automatically update Adobe Reader on your computer starting Wednesday February 27th. Your computer will receive the update the first time it is available on the network. You do not need to leave your computer in the office that evening.

UPDATE 2-20-08: According to the following PSU ITS Alert, "The University has experienced a large number of incidents related to a type of PDF-based hostile code that has been circulating through the use of vulnerable (pre 8.1.2.) versions of Acrobat and Reader software. When users open the infected PDF file it downloads a variant of the "Zonebac" trojan horse, resulting in control of the individual's computer system. The code also attempts to render all antivirus applications inoperable."

Adobe Reader is installed on all Enterprise computers. All College faculty and staff are encouraged to update their Adobe Reader software to this version.

Please see our How To Install and Configure Adobe Reader for Windows for steps on updating Adobe Reader to the current version.

Quick tip: If you already have version 8 of Adobe Reader installed (from the Help menu choose About Adobe Reader to see the version), follow these steps to apply the update.


  1. From the Help menu choose Check for Updates.
  2. If updates were found, they should begin to download.
    If not, click the Download and Install Updates button.
  3. At this point, you can click the Adobe Reader window to make it active, then Exit Acrobat Reader. If you don't exit Adobe Reader, the updater will prompt you to shut down Adobe Reader by clicking Continue.
  4. When the update finishes downloading, click Install Now.

    Note: The Installation Progress window may be minimized to the lower right of the screen (in the notification tray). To see the Installation Progress window, right click on its white icon and choose Show Progress.
  5. Wait for the update to be applied. When the process completes, click Quit.