Friday, February 19, 2010

Security Updates Available for Adobe Reader and Acrobat v9

Adobe shipped a critical security update to its Adobe version 9 products on Feb 18, 2010 that patches a critical vulnerability that could cause the application to crash and could potentially allow an attacker to take control of the affected system

Note: To determine the version of any of the above applications, open the Adobe program. Then from the Help menu choose About Adobe, (name of program). You should see the version listed in a new box. Then, you can click anywhere on this box to close it.

The current version of Adobe Acrobat and Adobe Reader is version 9.3.1.

Note: If you have Adobe Reader version 8.x on your computer, you should remove this version and update to Adobe Reader 9.3.1. See our How To Install and Configure Adobe Reader v9 for Windows.

Action Required: Ag IT recommends that College of Ag Science faculty and staff update any Adobe version 9 products to the current version.

To apply these updates:

  1. Close all other programs and then open your version of Adobe Reader or Acrobat Professional.
  2. From the Help menu choose Check for Updates.
  3. If updates were found, they should begin to download. If not, click the Download and Install Updates button.
  4. The updater will prompt you to close the program before the update can be installed. Click Continue.

    Note: The Installation Progress window may be minimized to the lower right of the screen (in the notification tray). To see the Installation Progress window, right click on its white icon and choose Show Progress.

  5. When the process completes, click Quit.
  6. The Adobe Reader or or Acrobat Professional program will re-open.
  7. From the Help menu choose Check for Updates. If no updates are available, click Quit.
  8. Close Adobe Reader or or Acrobat Professional.
Note: Earlier versions of Adobe Acrobat Professional (version 6 or lower) will not be patched.

The Adobe Security bulletin, Security Updates available for Adobe Reader and Acrobat, has additional information and links.

Monday, February 15, 2010

Security Update Released for Adobe Flash Player

On Feb 11, 2010 Adobe released a Security advisory called Security updates available for Adobe Flash Player that announced the availability of an update to their Flash Player 10 software. The advisory states in part:

Summary
A critical vulnerability has been identified in Adobe Flash Player version 10.0.42.34 and earlier. This vulnerability could subvert the domain sandbox and make unauthorized cross-domain requests.

Affected software versions
Adobe Flash Player 10.0.42.34 and earlier versions

Severity rating
Adobe categorizes these as
critical issues and recommends affected users patch their installations.

Action Required: Ag IT recommends that you update the Adobe Flash Player on your Enterprise machine to mitigate the effects of malicious SWF (Shockwave Flash) files that you might view in your web browser.

For steps, see our How To Install Updates to Adobe Flash Player, http://it.cas.psu.edu/1590.htm.

Note: If you use multiple browsers, perform the check for each browser you have installed on your computer.

Thursday, February 11, 2010

Exchange 2010 - Active Directory Server Updates


UPDATE: Thursday, Feb 18, 2010, 11:50 PM

The first of our Active Directory servers (AGDC1) was updated successfully. This server will be monitored for issues as it enters use on Friday, Feb 19th. The remaining two Active Directory servers (AGDC2 and AGDC3) will be updated according to the original schedule below.





The College of Ag Sciences Exchange 2003 Server (managed by Ag IT) provides E-mail/Calendaring services to all Extension offices as well as a number of University Park departments. This server is nearing its end of life. As a result, Ag IT has started a project to upgrade to Exchange 2010, the latest version of this E-mail/Calendaring service. Before we can upgrade the Exchange server, we need to upgrade supporting services.

First, we need to upgrade our Active Directory environment. In brief, an "Active Directory" is nothing more than the behind the scenes database that stores information about the network and Windows based computers and objects such as users. In other words, we need to take the current Microsoft Windows Server 2003 Active Directory database and upgrade to Microsoft Windows Server 2008. Something like updating a Word file from Office 2003 to Office 2007.

Schedule for Active Directory Upgrade:

Thursday, February 18th 9:00p.m – 1:00 a.m.
Friday, February 19th 9:00p.m – 1:00 a.m.
Saturday, February 20th 9:00a.m – 4:00p.m

What to expect during the upgrade:

We did not see any major service interruptions during the upgrade of our Active Directory in our test environment. You may see short periods of time during the upgrade that you will be unable to log onto the network. This would include connecting remotely to shared drives and E-mail. Logon times did increase during the upgrade activity.

We will provide updated information at this Tech Alerts page. Please check here first if you are experiencing an issue.

If you have any questions or experience issues after the upgrade please contact support at http://it.cas.psu.edu/contactform.htm or call (814) 865-1229.