Posts Tagged ‘vulnerability’

Adobe patched an impressive 23 vulnerabilities in Reader and Acrobat today, setting a record for this year. Computer World reports that the patches are mostly critical and include one for a flaw that has been actively exploited for a month or more. The update arrives a week ahead of schedule: Adobe promised to move the release date up to address a new vulnerability in font parsing that is under active attack.

Recently, Adobe has had to put out quite a few zero-day patches, with an attack on Flash in September that required an out-of-band patch and now this new font bug. The patch put out today includes the Flash patch as well, because Reader and Acrobat include code to run Flash embedded in PDFs.

The most notable patch is for the exploit found in early September by Mila Parkour. This exploit was lauded as “scary” and “clever” because it bypassed built-in Windows protections with ease and used a stolen signed digital certificate. The exploit was later named after David Letterbeater, who was the subject of many rigged emails sent as part of the attack.

Adobe notes that 20 of the vulnerabilities being patched could lead to code execution, allowing hackers to hijack the computer. Unlike Microsoft, Adobe does not assign official threat ratings to patches. Two of the remaining bugs could be used to crash Reader or Acrobat, and the last is a bug that affects only the Linux version of Reader. To update your copy of Reader or Acrobat, fire up the auto-updater or grab the link from the official Adobe advisory.

This bug is a vulnerability in the Help and Support system. It was first found by a Google engineer on the 10th of June, but by the 15th criminals were exploiting it through websites carrying code that installs Trojans, spam tools and viruses on the user's computer without their knowledge.

As Microsoft has not yet found a fix for this bug, the advice is to switch the vulnerable part off; Microsoft has produced an automated tool for this, which can be found on its website. Please download and run the files, and also make sure your antivirus software is up to date.

While this affects Windows XP, it also affects all of the following:

  • Microsoft Windows Server 2003 Service Pack 2, when used with:
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Standard x64 Edition
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows XP Service Pack 2, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
  • Microsoft Windows XP Service Pack 3, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional

If you want to know more, see their TechNet blog.
