I have at least one user that has received an "Adobe Security Updates" e-mail from Adobe stating, "A critical vulnerability has been identiied in Adobe Flash Player and Adobe Reader". I say at least one user because only one user has forwarded this message to my CIO.
Now I know that my user is not running the latest version of these two applications. I can fix that. What I want to know is, why is he getting this e-mail? Anyone know who at Adobe I should contact to find out why? Is this because Adobe somehow knows that he's not running the most current version? Or is it just something that Adobe sent out because it seemed like a good idea at the time.
I push Adobe Flash Player, Adobe Shockware Player, and Adobe Reader when I install Windows 7, and autoupdates are disabled as part of the installation process. I'd rather handle the patching myself so I have a better feel for what is going on across my network.
This user was upgraded from Adobe Acrobat 9.x to 10.x. That upgrade was performed manually be someone else. I wonder if THAT is why my uses is receiving this email?
It doesn't sound right that an email is being sent, so you might want to get clarification on that in case they mis-spoke. I was presented with a notification yesterday regarding an update for Reader, but it was via the desktop, not via email.
AHA! You might be right. The links in the e-mail point to a page on adobeupdates<dot>net (I don't want anyone trying to click on the link and getting infected).
Is that a bona-fide Adobe web site? I doubt it. I didn't want to go to the specified page, for fear of infection, but if I tried to go to the main page, I couldn't connect.