A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe have now released Adobe Reader 9.1 and Acrobat 9.1 which address this vulnerability. Updated versions of Adobe Reader 7 and 8 will be released later in March.

Adobe recommends Adobe Reader users update to Adobe Reader 9.1, available here:
http://get.adobe.com/reader/

Source: HM Government (CPNI)

What does it affect?: Windows 95, Windows 98, Windows 2000, Windows XP, Windows Vista

What does it do?: Microsoft has announced the availability of an update that corrects a functionality feature of Windows Autorun that can help customers keep their systems protected.  A patch that corrects a Microsoft Office Excel vulnerability has also been released.

How do I fix it?: Update your copy of the software with the download available from the supplier.

Details of Underlying Problem(s): The technical issues are described by the supplier and at the CVE website, and can be found from: http://www.microsoft.com.

Source: HM Government (CPNI)

Yesterday, Adobe released a security bulletin concerning a “critical vulnerability” in Adobe Reader and Acrobat software. These are the programs used to create and read PDF documents.

They plan to release a patch for Adobe Reader 9 by March 11th so be ready to update your software when it comes out. In the meantime, avoid opening PDFs (or any attachments) from untrusted sources.