[English version below: "Adobe is thinking to a quarterly Patch Tuesday"]

Buone notizie, Adobe pensa di istituire un Patch Tuesday trimestrale per distribuire gli aggiornamenti di sicurezza di Adobe Reader ed Acrobat (per ora sarebbero esclusi gli altri software quali Adobe Flash Player):

Adobe plans quarterly Patch Day for Reader/Acrobat fixes

Questo alla luce di un oggettivo mutamento dello scenario di rischio che ha visto far diventare i documenti PDF come il primo veicolo di attacchi mirati tramite allegati, come evidenziato dai grafici di un’analisi di F-secure che potete osservare nell’articolo Zero Day. Trovate un’analoga indicazione nell’ultimo Microsoft Security Intellingence Report, dove si segnala che “Use of the PDF format as an attack vector rose very sharply in 2H08, with attacks in July amounting to more than twice as many as in all of 1H08 combined and continuing to double, or almost double, for most of the remaining months of the year”.

Applaudo anche all’idea di allineare questi Patch Tuesday trimestrali con quelli Microsoft in modo da semplificare la vita degli amministratori di sistema.

Quindi alla fine le buone iniziative pagano, visto che vengono prese ad esempio.

Altri post/risorse correlate:

==============================================================

Adobe is thinking to a quarterly Patch Tuesday

Good news, Adobe is planning a quarterly Patch Tuesday to deploy Adobe Reader and Acrobat security updates (now other software like Adobe Flash Player would be excluded):

Adobe plans quarterly Patch Day for Reader/Acrobat fixes

This in the light of an objective change in the threat landscape that saw PDF documents to become the first vehicle of targeted attacks through attachments, as you can see from the charts by an F-Secure analysis mentioned in the Zero Day article. You can find a similar trend in the last  Microsoft Security Intellingence Report, where you can read that the “Use of the PDF format as an attack vector rose very sharply in 2H08, with attacks in July amounting to more than twice as many as in all of 1H08 combined and continuing to double, or almost double, for most of the remaining months of the year”.

I also applaud the idea of align these quarterly Patch Tuesday with Microsoft’s ones, just to simplify the systems administrators’ life.

Then at the end good initiatives pay, as they are taken for example.

Other related posts/resources: