Security Updates Coming for Adobe Reader, Acrobat

Adobe released pre-notification of security updates coming next week for its Reader and Acrobat products. The updates will address critical vulnerabilities in both products, Adobe said.

Microsoft may no longer provide its customers with free advance notification of upcoming Patch Tuesday security updates, but Adobe continues to give users of its Reader and Acrobat products a gratis head’s up of what’s coming.

The company yesterday said it is planning to release security updates next Tuesday for both Acrobat and Reader for Windows and Macintosh.

Adobe says the updates address critical vulnerabilities, but did not provide any detail on the issues. The company did not say whether any of the vulnerabilities have been publicly disclosed, nor whether any are being exploited in the wild.

Adobe said Reader XI (11.0.10) and earlier versions, as well as Reader X (10.1.13) and earlier are affected. Acrobat XI (11.0.10) and earlier versions, as well as Acrobat X (10.1.13) and earlier are affected.

Microsoft is also expected to release its monthly security bulletins on Tuesday. In January, the company announced that it was ending its Advanced Notification Service, which was a decade-long service providing customers the week before Patch Tuesday with a summary of the patches expected to be released, including the number of bulletins and affected products.

Microsoft said it would limit ANS to its Premier support customers and to participants in the Microsoft Active Protections Program (MAPP).

“ANS has always been optimized for large organizations. However, customer feedback indicates that many of our large customers no longer use ANS in the same way they did in the past due to optimized testing and deployment methodologies,” said Chris Betz of the Microsoft Security Resource Center in January. “While some customers still rely on ANS, the vast majority wait for Update Tuesday, or take no action, allowing updates to occur automatically.”

Patch Tuesday continues to be very much in flux for Microsoft. This week, the company during its Ignite conference announced that starting with Windows 10, security updates would be delivered as they’re available, essentially putting an end to the current cycle of scheduled deliveries that has been in place for more than a decade.

To do so, the company introduced on Monday Windows Update for Business, a new update scheme that will allow IT organizations to designate which machines get updates, including new features, on quicker cycles. New Long Term Servicing Branches will send only security updates to machines, similar to the current Patch Tuesday structure.

Suggested articles