Hi,

I have the some problem. It would be a lot easier if the update came in msi format. Hopefully it will come soon or someone knows how to create a msi file of the msp update.

I've tried to extract the MSP I'm getting access denied. the command lind " C:\>AdbeRdrUpd911_all_incr.msp /extract
Access is denied.

Hope they will look into this >>>

The first installation of 9.1.1 seems to have worked.  Patched using the MS Article instructions I referenced earlier.  Copied the folders to my Adobe Reader software distribution folder, on my server.  Takes a while, because a re-deploy is basically un-installing then re-installing the distributed application, but it works.

That's a good question.  The GPO deployed installation says 9.1.1 on the splash page.  The file version info says 9.1.0.2009022700, but the folders within the "Program Files\Adobe\Reader 9.0\Reader" have been modified.  I could be mistaken, but I don' t think incremental updates (like 9.1.1, 8.1.4, and 7.1.1) update the AcroRd32 file version.

Hmmm...that's interesting.  I rolled out a software installation GPO of Adobe Reader 9.1 to PCs which had 8.0 and 9.0 installed, without issue.  The new installation seems to handle that on it's own.  If there was an older version of the reader still installed, then Secunia Software Inspector, which we use, should be picking it up.  I had thought I might need to un-install older versions of Adobe Reader, but I've never had to, with the exception of PCs using version 7 or 6, occasionally.  Those are very few.

Did you roll out the existing 9.0 installations using a GPO?

I am deploying Reader 9.1 to 4000 PCs and there is a security patch and one of my tech send me this email:

--Adobe Will Patch Zero-Day Flaw Next Week (May 4, 2009) Adobe plans to push out a patch next week to address a zero-day flaw in Acrobat and Reader that could be exploited to create denial of service conditions or execute arbitrary code.  Adobe will issue fixes for Reader and Acrobat versions 7, 8 and 9 for Windows and for versions 8 and 9 for Mac and Unix.  Adobe has also acknowledged a second flaw in Reader for Unix that will be fixed in forthcoming Adobe Reader for Unix updates.

Until the fixes are available, Adobe recommends disabling JavaScript in both Reader and Acrobat.

But I can't find the patch, appears that deploying 9.1 will take care this but reading your forum seems that there is another version 9.1.1...

There is a patch?????

Thanks guys!!

Adrian

This worked like a champ!!!...thanks so much, your blog is just perfect...

Have a nice weekend

Adrian Reyes

To be honest, I didn't check all the file versions to determine if I was truly running 9.1.1.  I'm surprised that by applying the update MSP file, that it doesn't update all files?  The main thing I'm concerned about is vulnerability to this new virus.  We've had a couple machines on the network get it, and it's bad.  We've had our hands full in the IT Dept, and did not have time to get on it right away (short staffed), so I'm a little concerned now.  Does an old version of Annots.api leave us susceptible?

Out of curiousity, what does your script look like for the command line incremental patch?

AARRRGGH!  So...  When is Adobe going to release 9.1.1 full in an MSI format, or are there other , more clear options for integrating the incremental patch into a full build?  I have a lot of other higher priority projects to be working on!

Thanks for that.  Still really need to determine how to integrate 9.1.1 properly.  Thanks for the link as well.  The CW has options to turn off browser integration, etc, to reduce the attack surface, so those are options I'll update the blog with.  I'll keep the blog updated as I figure out a workaround to get 9.1.1 updated properly.    

UPPSSS sorry the question was for StriderMatic.....

I tested this a few hours ago,  on my Windows XP workstation.  Adobe Reader 9.1.0 had been installed using a GPO.  The 9.1.1 was installed using the command I referenced in my last post.

I have verified the annots.api to be:

v9.1.1.2009050100  (create/modify date should be 5/1/2009)

I would love to have this working via the GPO, instead of having a separate instruction necessary in the login scripts.

From what I've read, you can use ORCA to edit the transform (MST) files, adding in the incremental updates.  I, however, have no experience with that.

Still looking into other solutions.  Thanks for everyone's suggestions / ideas on this.

Would it be feasable to just overwrite Annots.api itself?  Where there any other files?  I was reworking my script, to re-install 9.1.0 then update if it finds version 9.1.1, but I don't want an endless loop script that uninstalls every time it finds 9.1.1.  Dammit Adobe, release a full version.

Yes you can overwrite Annots.api itself. But you need InstallShild. Ones you update to 9.1.1 take Annots file and create an MSI that copies the updated version and replace the old Annots.api. I have not tested but appears that that the file that we need to updated...and you are all right.... Dammit Adobe at this point I will install the original 9.1.0 and aplied the patch using SMS.

OK, after working with it all day, I figured out what happened.  According to my original instructions, the command:

AdbeRdr910_en_US.exe  -nos_o./InstallFiles -nos_ne

Extracts the AcroRead.msi folder into the "InstallFiles" folder.  It also extracts setup.exe, setup.ini and data1.cab.  This is where EVERYTHING goes wrong.  Inside the data1.cab file is the culprit Annots.api file that we don't want!  When we run:

msiexec /a Acroread.msi /p AdbeRdrUpd911_all_incr.msp

It updates everything to 9.1.1 within the folder, and if you traverse the folder structure you will see in Program Files/Adobe/Reader 9.0/Reader/plug_ins the file we are looking for, but it doesn't use this repository to install from, it uses data1.cab.

To work around this, I've updated my blog.  From scratch, go ahead and extract the MSI file with:

AdbeRdr910_en_US.exe  -nos_o./InstallFiles -nos_ne

Now traverse to that folder and perform:

msiexec /a <path to msi> /t:<network location>

Then we apply the update with:

msiexec /p <path to msp> /a <same network location as above\AcroRead.msi>

Then we need to create a blank setup.ini file for the Customization Wizard

Create setup.ini file in the network location

Run the CW and make your modifications, which generates the MST file needed for the transform.  When done, install using:

msiexec /i <network path to msi> TRANSFORMS=<network path to mst> /qn /L*v %systemdrive%\adobe_install.log

You don't have to use the /L*v switch of course, up to you.  AGAIN, Adobe, update your complete installation or provide clear instruction on how to do this!