Tag Archives: Adobe Acrobat

August 2017 Security Updates Summary

It’s the second Tuesday of August and Microsoft and Adobe made available their monthly scheduled security updates.

Microsoft resolved 48 vulnerabilities in total more formally known as CVEs (defined). These are detailed within Microsoft’s new Security Updates Guide.

This month there is only 1 Known Issue for this month’s Microsoft updates.

====================

Separately Adobe made available four security bulletins for the following products:

Adobe Digital Editions (priority 2, 2x critical, 7x important CVEs)

Adobe Experience Manager (priority 2, 1x important, 2x moderate CVEs)

Adobe Acrobat/Reader (priority 2, 43x critical, 24 important CVEs)

Adobe Flash (priority 1, 1x critical, 1x important CVEs)

The priority ratings are explained in this link. Depending on which version of Flash Player you have, please review the Adobe security bulletin or Microsoft bulletin (the link includes “April” in the URL but it is not a typo) as appropriate and apply the recommended updates. Google Chrome users should have the updated version installed automatically later this week (if not already available).

If you use any of the above-mentioned Adobe products, please review the security bulletins linked to above and apply the necessary updates. As per the established process the Flash update should be installed as soon as possible since exploit kits (defined) tend to take advantage of newly disclosed vulnerabilities very quickly.

Of note this month is the particularly large Adobe Acrobat/Reader update and the very small Flash Player update. The number of vulnerabilities resolved in last month’s Flash Player update was also small but it is too early to tell if vulnerability is moving away from Flash Player due to Adobe’s recent notice of their intention to de-commission Flash Player in 2020.

=======================
Update:12th September 2017:
=======================
Adobe last month updated their Adobe Acrobat and Acrobat Reader again after the availability of the initial patches in order resolve a regression (defined). Please ensure your installations of these products are updated to the version detailed by Adobe in their updated security bulletin (or are more recent than those listed in the bulletin).

Thank you.
=======================

You can monitor the availability of security updates for most your software from the following websites (among others) or use Secunia PSI:
—————
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):

https://www.us-cert.gov/

A further useful source of update related information is the Calendar of Updates. News/announcements of updates in the categories of General SoftwareSecurity Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).

If you like and use it, please also consider supporting that entirely volunteer run website by donating.

—————
If you use any of the above software, please install the appropriate updates as soon as possible. Steps for installing updates for Windows are provided on the “Protecting Your PC” page.

====================
For this month’s Microsoft updates, I will prioritize the order of installation for you below:
====================
Critical severity:

Windows Search

Microsoft Windows Hyper-V

Windows Scripting Engine (affecting Edge, Internet Explorer and Office)

Microsoft Edge and Internet Explorer

Windows PDF Viewer

 

Important severity:

Windows Font Engine
====================

Please install the remaining updates at your earliest convenience.

As always you can find detailed information on the contents of each security bulletin within ComputerWorld’s Patch Tuesday Debugged column.

Another security pre-caution that you may wish to take if you have Microsoft EMET (please ensure your version of EMET is the most recent version 5.52) installed is to use it to protect you from Adobe Flash being used to exploit vulnerabilities when you open a Microsoft Office document or Adobe PDF file. I provide recommendations of how to do this at the end of the July 2015 Update Summary. Please note that Microsoft EMET will be out of support on the 31st of July 2018.

As noted in this new blog post, parts of EMET are to become available in the Creator’s Fall Update for Windows 10 set for release in September 2017.

As usual; I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.

January 2017 Security Updates Summary

Earlier today Microsoft and Adobe released their scheduled monthly security updates.

Microsoft only made 4 bulletins available. These updates address 3 vulnerabilities listed within Microsoft’s security bulletin summary (as before excluding the Adobe bulletin). These are more formally known as CVEs (defined).

Once again; there are no Known Issues listed within the above summary page. At the time of writing the IT Pro Patch Tuesday blog does not list any Known Issues. However, please check it before deploying your security updates just to be sure. As always, if any issues do arise, those pages should be your first places to check for solutions.

Next month Microsoft will only be publishing it’s security bulletins and release notes within their Security Updates Guide; rather than distributing this information across several pages. This post from WinSuperSite explains the changes in full.

====================
Adobe made a pair of security bulletins available for Adobe Flash and Adobe Acrobat/Adobe Reader. The Flash Player bulletin resolves 13x priority 1 vulnerabilities. The Adobe Acrobat/Adobe Reader resolves 29x priority 2 vulnerabilities. Adobe’s priority rating are explained in the previous link.

Depending on which version of Flash Player you have, please review the Adobe security bulletin or Microsoft bulletin as appropriate and apply the recommended updates. Google Chrome users will have the updated installed automatically alongside the updated version of Google Chrome which will most likely be made available by Google either later today or in the next 1 to 2 days.

If you use Flash or Adobe Acrobat/Adobe Reader any of the above products, please review the security bulletins linked to above and apply the necessary updates. The Flash update should be installed as soon as possible since exploit kits (defined) tend to take advantage of newly disclosed vulnerabilities very quickly.

You can monitor the availability of security updates for most your software from the following websites (among others) or use Secunia PSI:

—————
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):

https://www.us-cert.gov/

A further useful source of update related information is the Calendar of Updates.

News/announcements of updates in the categories of General Software, Security Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).

If you like and use it, please also consider supporting that entirely volunteer run website by donating.
—————

If you use any of the above software, please install the appropriate updates as soon as possible. Steps for installing updates for Windows are provided on the “Protecting Your PC” page.

While there may only be 3 Microsoft bulletins this month, I will prioritise the order of updates for you below:

The update for Microsoft Office should be installed first due to it’s criticality. This should be followed by the update for Microsoft Edge and finally by the LSASS update. The update for Edge is important due to exploit kits relying on such patches not to be installed in order to spread further malware (defined).

As always you can find detailed information on the contents of each security bulletin is published each month within ComputerWorld’s Patch Tuesday Debugged column.

Another security pre-caution that you may wish to take if you have Microsoft EMET (please ensure your version of EMET is the most recent version 5.51) installed is to use it to protect you from Adobe Flash being used to exploit vulnerabilities when you open a Microsoft Office document or Adobe PDF file. I provide recommendations of how to do this at the end of the July 2015 Update Summary.

Please note that Microsoft EMET is in the process of being retired with the end of support scheduled for the 31st of July 2018.

As is my standard practice, I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.

May 2016 Security Updates Summary

Earlier today Microsoft and Adobe made their scheduled monthly security updates available.

Microsoft’s updates consist of 17 security bulletins one of which relates to an upcoming Adobe Flash Player update (more details below). These bulletins resolve 36 vulnerabilities more formally known as CVEs (defined).

One point to note that should make deploying these updates easier is that Microsoft’s Security Bulletin Summary doesn’t list any Known Issues at this time. However please double check the IT Pro Patch Tuesday blog to ensure that there are no issues being experienced before you begin installing the new updates.

====================
Update: 25th June 2016:
Microsoft’s Security Bulletin Summary was updated to include known issues with the Microsoft .Net Framework update. Workarounds and resolutions to these issues are available here.
====================

As mentioned above one of Microsoft’s bulletins relates to Adobe’s Flash Player update; however, that update will be made available later this week (scheduled for May 12th according to Adobe). This update will resolve a zero day (defined) vulnerability that is currently being exploited.

In addition, Microsoft made available a security advisory yesterday applicable to Windows 8.1 (and later)(and equivalent Windows Server OSes) for the FalseStart facility of TLS. Please review the advisory and install the applicable update for your systems.

It wasn’t just Flash Player being updated by Adobe today; updates for Adobe Acrobat DC, Acrobat XI, Acrobat Reader DC and Adobe Reader XI address 92 CVEs within those products. These vulnerabilities have been classified as critical but have been assigned Priority 2 by Adobe, meaning that these updates should be installed sometime within the next 30 days. Further details of these updates are available in this security bulletin. An update for Adobe ColdFusion was also made available resolving 3 high severity CVEs.

====================
Update: 11th May 2016:
Microsoft have released their Adobe Flash Player (for Windows 8.1 and later) security bulletin earlier than anticipated. It addresses 24 critical CVEs. Please re-run a check for updates on your Windows PC and install any necessary updates for Flash Player. Further information is available in the relevant security bulletin.

Thank you.
====================

====================
Update: 12th May 2016:
As scheduled Adobe have released an updated version of Flash Player v21.0.0.242 as well as Adobe AIR (its application runtime). It addresses 25 CVEs (the extra CVE is the zero-day vulnerability that Adobe has now resolved). It’s unclear when Microsoft will re-release their update to address this remaining CVE or if the existing update already includes it. However, Google Chrome’s update earlier this week already includes Flash Player v21.0.0.242.

Further information about the Flash Player update is available in this Sophos blog post. Separately, I will continue to update this post as more information becomes available. Thank you.
====================

====================
Update: 15th May 2016:
As expected Microsoft revised their security bulletin for Adobe Flash to include the update that Adobe made available last Thursday. Their update now addresses 25 CVEs rather than the previous 24 CVEs.

Please ensure that you install this update as soon as possible. Thank you.
====================

If you use any of Adobe’s PDF applications mentioned above or Adobe ColdFusion, please follow the above product links to the appropriate security bulletins and apply the necessary updates. This is especially important for the Adobe Reader update since it resolves a very large number of critical severity vulnerabilities among them use-after-free vulnerabilities (defined), heap (defined) overflows and an integer overflow (defined).

As mentioned in January; Adobe no longer supports Acrobat X and Adobe Reader X. They did not receive any updates within that bulletin and will no longer do so. Please upgrade to Adobe Acrobat DC/Acrobat Reader DC or Acrobat XI/Adobe Reader according to your preference.

You can monitor the availability of security updates for the majority of your software from the following websites (among others) or use Secunia PSI:

—————
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):

https://www.us-cert.gov/

A further useful source of update related information is the Calendar of Updates. News/announcements of updates in the categories of General Software, Security Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).

If you like and use it, please also consider supporting that entirely volunteer run website by making a donation.

—————
If you use any of the above software, please install the appropriate updates as soon as possible. Steps for installing updates for Windows are provided on the “Protecting Your PC” page.

To assist with making the best use of your time when deploying these updates, I will prioritise the updates for you below:

Please make the Microsoft Internet Explorer update your first priority since CVE-2016-0189 (which it resolves) is currently under attack in the wild (namely being exploited on computing devices used by the general public in their professional and personal lives)). Follow this with Microsoft Edge, Microsoft Office, Microsoft Graphics Component, Windows Shell, Windows Kernel-Mode Drivers (defined), JScript and VBScript, Windows Journal and Windows IIS due to their severities and prevalent use.

Another security pre-caution that you may wish to take if you have Microsoft EMET (please ensure your version of EMET is the most recent version 5.5) installed is to use it to protect you from Adobe Flash being used to exploit vulnerabilities when you open a Microsoft Office document or Adobe PDF file. I provide recommendations of how to do this at the end of the July 2015 Update Summary.

As always as a routine precaution I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.

=======================
Aside:
=======================
I wanted to apologise for the lack of recent blog posts being published. The PC that I primarily use to write and publish the content for this blog has suffered a hard disk failure. While I have not lost any data (which is a relief!); the system is non-operational until a suitable replacement can be obtained and installed.

That may be sometime in the next 2 weeks. In the meantime, I will continue to publish using an alternate personal system of mine. This may sound like a perfect substitute, but for a number of reasons I have been finding it far from ideal. But not to worry.

However, posts will be sporadic and will not be as timely as I would like. Some interesting high impact vulnerabilities have been disclosed since my most recent blog post (in April) as well as a large number of security updates. I will endeavour to discuss all of these with you as soon as possible.

Thank you for your understanding and patience as I resolve this issue.

March 2016 Security Updates Summary

Today is Microsoft’s Update Tuesday. Adobe have also released updates for Adobe Acrobat, Adobe Reader and Adobe Digital Editions (Adobe Flash was not updated today; more details on this below).

Similar to last month there are 13 Microsoft security bulletins resolving 44 security issues more formally known as CVEs (defined).

At the time of writing Microsoft’s Security Bulletin Summary does not list any Known issues for the security bulletins made available today. An alternative source for information on Known Issues is the IT Pro Patch Tuesday blog which is usually updated shortly after the release of the updates if any issues are encountered. No issues are listed at the time of writing.

Adobe’s updates for Adobe Acrobat DC, Acrobat XI, Acrobat Reader DC and Adobe Reader XI address 3 CVEs within these products. These vulnerabilities have been classified as critical but have been assigned Priority 2 by Adobe, meaning that these updates should be installed sometime within the next 30 days. Further details of these updates are available in this security bulletin. An update for Adobe Digital Editions was also made available resolving 1 critical CVE.

If you use any of Adobe’s PDF applications mentioned above or Adobe Digital Editions, please follow the above product links to the appropriate security bulletins and apply the necessary updates.

As mentioned in January; Adobe no longer supports Acrobat X and Adobe Reader X. They did not receive any updates within that bulletin and will no longer do so. Please upgrade to Adobe Acrobat DC/Acrobat Reader DC or Acrobat XI/Adobe Reader according to your preference.

=======================
Update: 10th March 2016:
Earlier today Adobe published an updated version of Flash Player bringing it to version 21.0.0.182. This update resolves 23 security issues (all have been assigned CVEs). Adobe AIR, their application runtime was also updated to version 21.0.0.176 within the same bulletin.

Please follow the above Adobe Flash Player bulletin link and apply the necessary updates as soon as possible due to the severity of the issues the Flash update addresses and since one issue, an integer overflow (defined) vulnerability CVE-2016-1010 is being exploited in targeted attacks.

Thank you.
=======================

Adobe within their PSIRT blog post mentioned that a security update for Flash Player will be available in the coming days. No reason(s) for the delay was/were given. Wolfgang Kandek of Qualys in a blog post makes educated guesses as to what may be the cause for the delay. I will update this post when the updates become available.

You can monitor the availability of security updates for the majority of your software from the following websites (among others) or use Secunia PSI:

—————
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):
https://www.us-cert.gov/

A further useful source of update related information is the Calendar of Updates. News/announcements of updates in the categories of General Software, Security Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).
—————

If you use any of the above software, please install the appropriate updates as soon as possible. Steps for installing updates for Windows are provided on the “Protecting Your PC” page.

To assist with the deployment of Microsoft’s security updates I would recommend prioritising them as follows: Internet Explorer, Microsoft Edge, Windows Graphics Fonts, Windows PDF Library and Windows Media (in this order) due to their critical severities and widespread use.

As always you can then install any remaining applicable updates beginning this round of updates with the Windows USB Mass Storage Class Driver Security update (more info here) due to it’s ease of exploitation and the level of access it can allow an attacker to obtain. Next I would recommend the Kernel Mode Drivers update and Microsoft Office update since exploitation of these vulnerabilities is listed as more likely in the Security Bulletin Summary.

One final security pre-caution that you may wish to take if you have Microsoft EMET (please ensure your version of EMET is the most recent version 5.5) installed is to use it to protect you from Adobe Flash being used to exploit vulnerabilities when you open a Microsoft Office document or Adobe PDF file. I provide recommendations of how to do this at the end of the July 2015 Update Summary.

As always as a routine precaution I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.

January 2016 Security Updates Summary

=======================
Update: 13th January 2016:
Kaspersky have published a blog post that provides details of the security issue resolved by Silverlight update MS16-006. This issue is a zero-day vulnerability (defined) and for that reason should be installed before all other updates mentioned below.

Thank you.
=======================

=======================
Original Post:
=======================
Earlier today Microsoft made available it’s scheduled security updates for Windows and other Microsoft software.

There are 9 bulletins in total (although MS16-009 is not yet available and may be delayed until next month) addressing 25 security issues more formally known as CVEs (defined).

The Security Bulletin Summary lists 2 Known Issues with regard to MS16-007 (an update to Windows which addresses a number of DLL (defined) loading issues, among others). The issues are both related to software from Citrix namely XenDesktop which will experience compatibility issues with this update if it was to be installed. Microsoft will not offer this update to users with this software installed in order to avoid these issues. Microsoft recommends uninstalling the Citrix software, installing the security update and contacting Citrix for a workaround for these issues. This advice was obtained from these knowledge base articles (article 1, article 2) which are referenced within the Security Bulletin Summary.

Microsoft have also made available 2 security advisories today (an advisory for Adobe Flash was published earlier this month to announce the availability of a non-security update). The Deprecation of SHA-1 Hashing Algorithm (discussed and defined here) and the TLS Session Resumption Interoperability update may or may not apply in your environment, please review these advisories to determine if you need to take further action.

Moreover; an alternative source for information on Known Issues is the IT Pro Patch Tuesday blog which is usually updated shortly after the release of the updates if any issues are encountered.

Adobe have also issued updates for Adobe Acrobat DC, Acrobat XI, Acrobat Reader DC and Adobe Reader XI addressing 17 CVEs within these products. These vulnerabilities have been classified as critical but have been assigned Priority 2 by Adobe, meaning that these updates should be installed sometime within the next 30 days. Further details of these updates are available in this security bulletin.

Please note that Adobe Acrobat X and Adobe Reader X are no longer supported. They did not receive any updates within this bulletin and will no longer do so. Please upgrade to Adobe Acrobat DC/ Acrobat Reader DC or Acrobat XI/Adobe Reader according to your preference.

You can monitor the availability of security updates for the majority of your software from the following websites (among others) or use Secunia PSI:

—————
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the Protecting Your PC page):
https://www.us-cert.gov/

A further useful source of update related information is the Calendar of Updates. News/announcements of updates in the categories of General Software, Security Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).
—————

If you use any of the above software, please install the appropriate updates as soon as possible. Steps for installing updates for Windows are provided on the “Protecting Your PC” page.

To assist with prioritizing Microsoft’s updates I would recommend first installing the Silverlight update since it is a zero day security vulnerability (defined) under attack in the wild ((under attack on computing devices used by the general public in their professional and personal lives)).

This should then be followed by the Windows Kernel update since the kernel (defined) is the core of Windows and exploiting this issue could allow the attacker to gain system level privileges (defined) . Next I would recommend installing the updates for Microsoft Office, Internet Explorer, Microsoft Edge and JScript and VBScript due to their critical severities. You can then install any remaining applicable updates.

One other security pre-caution that you may wish to take if you have Microsoft EMET installed is to use it to protect you from Adobe Flash being used to exploit vulnerabilities when you open a Microsoft Office document or Adobe PDF file. I provide recommendations of how to do this at the end of July’s Update Summary.

As always as a routine precaution I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.

October 2015 Security Updates Summary

Today is Update Tuesday and Microsoft made available 6 security bulletins to resolve 33 CVEs (defined). Further details are provided in their Security Bulletin Summary.

Reviewing this summary at the time of writing it currently shows that there are no known issues for these bulletins. Another useful source to monitor for any issues encountered with Microsoft security updates is the IT Pro Patch Tuesday blog.

Adobe have also issued updates for Adobe Acrobat DC, Acrobat XI, Acrobat X, Acrobat Reader DC and Adobe Reader addressing 56 CVEs within these products. These vulnerabilities have been classified as critical but have been assigned Priority 2 by Adobe, meaning that these updates should be installed sometime within the next 30 days. Further details of these updates are available in this security bulletin.

Finally Adobe issued updates to Flash Player and Adobe AIR, its application runtime to resolve 21 critical CVEs. Flash Player updates for Linux, Apple Mac OS X and Windows are available from this link (which can be used if you don’t have automatic updating enabled or simply wish to install the update as soon as possible). Users of Google Chrome have received (I have confirmed this) this Flash update within this Chrome update. Microsoft has announced the availability of their Flash update by updating this security advisory for users of Internet Explorer 10, 11 and Microsoft Edge installed on Windows 8.0, 8.1 and Windows 10 (respectively).

You can monitor the availability of security updates for the majority of your software from the following website (among others) or use Secunia PSI:

—————-
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the Protecting Your PC page):
https://www.us-cert.gov/
—————-
If you use any of the above software, please install the appropriate updates as soon as possible.
Steps for installing updates for Windows are provided on the “Protecting Your PC” page.

Since the Adobe Flash Player update resolves 21 critical CVEs some of which are likely to be exploited very quickly by exploit kits (defined) this update should be installed first.

If you wish to prioritize the deployment of the Microsoft security updates, I would recommend an installation order of Internet Explorer, JScript and VBScript, Microsoft Office and Windows Shell due to their severity (successful exploitation results in remote code execution; namely allowing a remote attacker to carry out any action of their choice). After installing these updates, install any remaining applicable Microsoft security updates.

One other security pre-caution that you may wish to take if you have Microsoft EMET installed is to use it to protect you from Adobe Flash being used to exploit vulnerabilities when you open a Microsoft Office document or Adobe PDF file. I provide recommendations of how to do this at the end of July’s Update Summary.

As always as a routine precaution I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.

July 2015 Security Updates Summary

On Tuesday the 14th of July, Microsoft made available its monthly security updates resolving 59 CVEs (definition of the term CVE). Details of the affected products are provided in their Security Bulletin Summary. This page also details any Known Issues for these security updates. At the time of writing, only issues for the SQL Server bulletin were present. In addition, an excellent source for information on issues that arise from installing these updates is the IT Pro Patch Tuesday blog.

Adobe made updates available for Flash Player v18.0.0.203 to resolve 2 critical zero day CVEs, Adobe Shockwave Player resolving 2 CVEs and Adobe Acrobat/Adobe Reader resolving 46 CVEs.

In addition, Oracle made available security updates for Java resolving 25 CVEs, among them the zero day CVE-2015-2590.

You can monitor the availability of security updates for the majority of your software from the following website (among others) or use Secunia PSI:

—————-
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the Protecting Your PC page):
https://www.us-cert.gov/
—————-

If you use any of the above software, please install the appropriate updates as soon as possible.

If you wish to prioritize some of the updates I would recommend installing Adobe’s Flash Player update first due to the nature of the 2 critical flaws that it resolves. The next priorities should be Microsoft’s updates for Internet Explorer (it also includes a fix for the zero day flaw CVE-2015-2425), Remote Desktop Protocol, VBScript, Microsoft Office, ATM Font Driver and Windows Hyper-V due to their severity. In addition the ATM Font Driver vulnerability CVE-2015-2387 and Microsoft Office vulnerability CVE-2015-2424 have already seen exploitation. With high profile issues being resolved by Adobe’s updates it is recommended to install them before they begin to be incorporated into exploit kits for much wider exploitation.

I would also recommend using the Attack Surface Reduction (ASR) feature of Microsoft EMET 5.2 in order to mitigate Adobe Flash being used to exploit vulnerabilities when you open a Microsoft Office document or Adobe PDF file. Details of the ASR feature are available on page 9 and 19 within the EMET user guide (follow this link and opt to download EMET, you can then choose to download only the PDF user guide). How to add Adobe Flash (flash*.ocx) is detailed in this news article. I suggest adding this file name (the full name including the wildcard * and the ocx file extension) to any application that you use that can open Microsoft Office documents or Adobe PDF files as a defence in depth measure. I have done this for all of my Microsoft Office applications and my PDF reader with no issues encountered.

As a routine precaution I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.