Update on Adobe Reader/Acrobat Flaw

A couple of days ago, I posted a note about a new vulnerability in Adobe’s Reader and Acrobat products that was beginning to be exploited via maliciously-crafted PDF files.  Adobe Systems has now posted an updated version of their Security Advisory (APSA 10-02), which includes information on risk mitigation for users on the Windows platform.  (According to Adobe, the attacks seen so far have targeted Windows.)

The mitigation suggested employs a relatively new Microsoft tool with the rather Orwellian name of Enhanced Mitigation Experience Toolkit; Adobe’s Advisory refers to a post on Microsoft’s Security Research and Defense blog for instructions on how to implement the mitigation.   You must first download and install the EMET tool, available here, then follow the instructions in the post.  The download includes an .MSI installer that installs both the program and documentation.   (Note that you must use the actual path to the Adobe executable on your system; the path in the example is for a 64-bit system.)  In essence, what this does is to prevent one of Adobe’s DLLs from being loaded at a predictable virtual memory address.

As Adobe and Microsoft both note, this mitigation has not been extensively tested, due to time pressure, so you should test it yourself before using it on any particularly sensitive systems.

One Response to Update on Adobe Reader/Acrobat Flaw

  1. […] The Internet Storm Center at the SANS Institute has a new diary entry reporting that the new vulnerability in Adobe’s Acrobat and Reader software is being actively exploited.  (This vulnerability has […]

%d bloggers like this: