Category
Applications (applications-patches)Having security software is not the same as being secure. Right now crooks are walking through a hole in the PDF reader almost everyone uses. Unpatched software is the open door, and Windows Update does not close this one. Here is how that door gets left open, three things you can do today, and an hour with me to watch it get shut, live.
Save My Seat →Thursday, July 9, 2 PM ET. No charge, and it is not a pitch-fest.
The problem: You bought the security software. You feel covered. But a door you can't see is still a door they walk through. Most of the programs on your machines never get the fixes that close those doors, and nobody tells you.
The solution: You do not have to sort this out alone. By the end of this you will know why unpatched software is the open door crooks love, you will have three things you can do today, and you will see the one door almost every computer leaves open.
In this article
Picture an office on a Monday morning. An employee opens a PDF that looks like an invoice from a supplier. Nothing on the screen looks wrong. But the moment that file opened, hidden code inside it began running on her computer, with her access to your files. No bad link to click. No warning. Just a PDF that looked like work.
Adobe Reader, the program almost everyone uses to open PDFs, has a serious hole. Adobe Acrobat has the same one. The government tracks this flaw as CVE-2026-34621. Crooks have been using it in real attacks since late last year. This is not a lab test. It is happening now.
Here is how it works, in plain words. Someone opens a booby-trapped PDF in Adobe Reader. It looks like an invoice, a contract, a shipping form. Hidden code inside that file then runs on the computer with that person's access. It needs one thing to work: a human to open the file. Nobody gets hit in their sleep. A person has to open the PDF.
Adobe shipped an emergency fix. The government's cyber agency, CISA, put this flaw on its must-fix list and gave federal agencies two weeks to install the patch. When the government sets a clock like that, the danger is real and it is here. Adobe shipped the fix. Somebody still has to install it.
Now, here is the thing most people miss. You think Windows Update has you covered. It does not, and the PDF reader shows you why.
Every computer has two kinds of software. First there is Windows itself and Microsoft's own apps. Windows Update patches those. Then there are all the other programs on the machine. Adobe Reader. The zip tools like WinRAR and 7-Zip. Zoom. The little browser add-ons. On a typical machine that is 40 to 60 programs.
• Windows Update fixes Windows and Microsoft's own apps. That is all it touches.
• Adobe Reader updates itself through its own updater, not through Windows Update.
• On most small-business computers that Adobe updater is switched off, put off, or ignored.
• So the fix Adobe shipped can sit uninstalled for months. The door stays open, and crooks keep walking through it.
So "auto-update is on" is not the same as being safe. Auto-update covers Windows. It does not cover Adobe Reader or the old app you forgot you had. Those are the open doors. A known hole with a fix nobody installed is just an unlocked door with a sign on it. And the PDF reader proves the point on almost every machine in the building. Your IT person updates Windows. Who checks everything else?
You cannot stop crooks from looking for open doors. That is their job, and they are good at it. But you can decide which doors are open on your own machines. That part is yours.
Think of unpatched software as a house with 40 to 60 doors. Windows Update locks maybe five of them, the front door and a few windows. The rest sit unlocked because nobody walks the house checking. A crook only needs one. He does not care that the other doors are fine.
A door you already shut is not a way in. That is the whole game. Close the doors, and the crook at the handle finds it locked and moves on. This is why not one client I manage has ever been hit by ransomware. We keep the doors shut, all of them, not just the five Windows handles for you.
One more thing works in your favor. That booby-trapped PDF almost always shows up by email. Check a suspicious email before anyone opens it, and you stop this one early, before it ever reaches the reader.
You do not need to wait for me to start. Three steps, no cost, and they close the doors that matter most.
Open Adobe Reader on every computer. Turn on automatic updates, or check for updates right now. Go to Help, then Check for Updates. Do this on each machine, not just yours. That one step shuts the exact door crooks are using this week.
Make a short list of the programs Windows Update does not cover. Adobe Reader, the zip tool, Zoom, the browser add-ons, any old app. Then update each one, or remove the ones you never use. Fewer programs means fewer doors.
A PDF you did not expect is a PDF worth a second look, even one that says "invoice" or "contract." When in doubt, check the email before anyone opens the file. Then come to the session and watch me shut this exact door, live, on a real machine.
Do the first two today, and you have shut a lot of doors. The third, seeing the ones you did not know were open, is the piece I will walk you through live.
My father fell for a phishing email. I have spent my whole career in this, and it still got him. Scammers got remote access to his computer and started hunting for his financial papers. My step-mother noticed something was off. She called me. I jumped in remotely and stopped them before they reached his bank credentials. We were lucky. We caught it in time.
I tell you that so you know I am not talking down to you. This stuff catches smart people who are busy running a business. I have spent more than 35 years at this, since 1991. FBI InfraGard. Not one client I manage has ever been hit by ransomware. And when a business does get hit, it is almost always an app nobody updated. The good news is that finding those open doors is simple once someone shows you how, and that is exactly what I made easy.
The first two steps are yours to do today. Seeing the open door you did not know about, that is what I will show you, live, in plain English. Here are the three steps.
✅ No charge, and nothing to buy on the call.
✅ It is not a pitch-fest. You will leave with real steps whether or not you ever buy a thing.
✅ Plain English. No jargon, and no talking down to you.
✅ Come live if you can, that is where I answer your questions. Saved a seat but can't make it? I'll send you the replay.
✅ If your setup is in good shape, I will tell you so. No scare tactics.
✅ Straight talk. I will show you what is open, not sell you a promise.
Maybe. But ask him a plain question. Your IT person updates Windows. Who checks everything else? Windows Update is on by default, so that part gets done. Adobe Reader and the 40 or more other programs are the ones that slip, because nothing reminds anybody to look. That is where the open doors sit.
An hour now saves a scramble later. And if your machines are already in good shape, you will walk away knowing it.
Having security software is not the same as being secure. Spend one hour with me and watch the door almost every computer leaves open get shut, live, so you know exactly what to check back at the office. No card needed. Walk out as the owner who can answer "are we covered?" with a flat yes, because you saw for yourself where the doors are.
Save My Seat →Thursday, July 9, 2 PM ET. No charge, and it is not a pitch-fest.
Want this kind of plain-English security news every week? Sign up for Craig's Insider Notes at CraigPeterson.com.
Join thousands of security professionals who receive Craig Peterson's Insider Show Notes and cybersecurity updates.
Patch management is the process of identifying, acquiring, distributing, and installing software updates, known as patches, to fix security vulnerabilities or technical issues in systems. It is essential for maintaining network security and improving system performance by ensuring that software is up-to-date and compliant with regulations.
Join 10,000+ cybersecurity professionals