Adobe is in rapid-fire for releasing updates lately and with the bugs, crashes, and exploits that keep being discovered, they need to be. A few days over a month after version 9.3 patches were released for Adobe Reader and Adobe Acrobat, 9.3.1 is released to address further concerns
From the related Adobe Security Bulletin:
A critical vulnerability has been identified in Adobe Reader 9.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3 for Windows and Macintosh, and Adobe Reader 8.2 and Acrobat 8.2 for Windows and Macintosh. As described in Security Bulletin APSB10-06, this vulnerability (CVE-2010-0186) could subvert the domain sandbox and make unauthorized cross-domain requests. In addition, a critical vulnerability (CVE-2010-0188) has been identified that could cause the application to crash and could potentially allow an attacker to take control of the affected system.
Deploying Adobe Reader 9.3 was easy because the full installer as a .msi file was directly available for download from Adobe’s FTP site (if only Adobe Acrobat was that easy…). With 9.3.1, a quarterly update instead of a security update, you can download the patch as a .msp file to update the 9.3 .msi file to version 9.3.1. The rest of this article will step through how to patch the .msi file and setup a group policy deployment.
To deploy Adobe Reader 9.3.1, download these two files:
Depending on your settings this may not be required, but for me I’ve found that I have to right-click each file and go to Properties. From the Properties window, click the Unblock button at the bottom and then hit OK. Typically other machines will not be able to install the file if it has not been unblocked for security reasons. Files downloaded from the Internet or copied from another computer may be tagged with this property.
Once the files have been downloaded and “unblocked”, copy the files to a directory where we can work on them. For the convenience, I like working on a directory off of the root of C:. For this example, we’ll create a directory through our Administration Install Point called Reader931. Open the command prompt and navigate to where the AdobeReader 9.3 msi file is. Once there, run this command to create the AIP:
msiexec /a AdbeRdr930_en_us.msi
During this process, it will ask where to create the network install. Point it to C:Reader931 and let the process finish. Now copy the Adobe Reader 9.3.1 msp file there. Then open a command prompt and navigate to the folder you just created. Once there, run this command to slipstream the 9.3.1 patch into the 9.3 installer:
msiexec /a AdbeRdr930_en_us.msi /p AdbeRdrUpd931_all_incr.msp
This will launch a dialog box to give you some options for installing Adobe Reader to the network. Click the next button to proceed to your only option in the process.
Choosing the network location is a bit irrelevant if you’re going to be deploying separate installations over group policy. You can put this in the current directory or a different directory. Choose a directory and click Install. This will go through file copying process like a normal install and notify you when it’s completed in a few minutes.
Once the Administrative Install Point update process completes, close out of the installer. Copy the directory you created for the AIP to your deployment server. You can rename it to reflect the fact that it has been updated to 9.3.1. You can delete the directory you created to contain the install file and the directory created during the update process from your local hard drive.
Create or modify a group policy object like normal and add a Software Installation pack that points at this .msi file that you just modified. You can use the Adobe Customization Wizard 9 to set some preferences for your Adobe Reader 9.3.1 installation. Test and deploy.
We’ll have to test the waters with the next Adobe Reader update. It depends if it is a quarterly update or a security update. A security update should slipstream into our 9.3.1 install file but a quarterly update may require slipstreaming into the unmodified 9.3 .msi file. We’ll have to investigate it when that happens… next month.