
Microsoft Helps Adobe Block PDF Zero-Day Exploit

CWmike writes "Microsoft has urged Windows users to block ongoing attacks against Adobe's popular PDF viewer by deploying one of Microsoft's enterprise tools. Adobe echoed Microsoft's advice, saying the Enhanced Migration Experience Toolkit (EMET) would stymie attacks targeting Reader and Acrobat. Called 'scary' and 'clever,' the in-the-wild exploit went public last week when security researcher Mila Parkour reported it to Adobe after analyzing a rogue PDF document attached to spam. Adobe first warned users Wednesday of the threat, but at the time gave users no advice on how to protect themselves until a patch was ready. Microsoft stepped in on Friday. 'The good news is that if you have EMET enabled ... it blocks this exploit,' said Fermin Serna and Andrew Roths, two engineers with the Microsoft Security Response Center in an entry on the group's blog." A Symantec blog post suggests the people exploiting this vulnerability may be the 'Aurora' group responsible for the attacks on Google late last year.
  • by mcgrew ( 92797 ) * on Monday September 13, 2010 @03:44PM (#33564848) Homepage Journal

    When you're well past a week old, why the fuck do you keep calling it 0 day?

    Because it was exploitable on day zero. It's a week old zero day exploit.

  • by revlayle ( 964221 ) on Monday September 13, 2010 @04:18PM (#33565260)
    Foxit insists on installing toolbars and special search engines these days... don't like it one bit.
  • ASLR (Score:5, Informative)

    by js3 ( 319268 ) on Monday September 13, 2010 @04:27PM (#33565354)

    According to the article..

      "Normally Address Space Layout Randomization (ASLR) would help prevent successful exploitation. However, this product ships with a DLL (icucnv36.dll) that doesn’t have ASLR turned on."

    So enable ASLR on the effing DLL and release a patch, problem solved? Nothing would make me work overtime and on the weekend more than a highly visible level 1 bug. Adobe developers must have it good!

  • by Eudeyrn ( 1566735 ) on Monday September 13, 2010 @04:56PM (#33565684)
    Sumatra [kowalczyk.info] is my PDF reader of choice now. The program consists of a single executable, it's open source and GPL'ed. As long as all you need to do is load and read PDFs (imagine that, a PDF reader that just reads PDFs), it gets the job done beautifully.
  • by rts008 ( 812749 ) on Monday September 13, 2010 @05:42PM (#33566146) Journal

    What's your point?

    At least 'mcgrew' offered a possible solution...so, where's your 'help the rest of the world' solution?

    Put up, or shut up, you hypocrite.
    You are actively working against your implied cause.

    I also use Foxit, and learned about it years ago right here on /., from someone like 'mcgrew', making a similar comment.

    The only benefit I got from your comment is you are an asshat, just for the sake of being an asshat.

  • by gad_zuki! ( 70830 ) on Monday September 13, 2010 @05:48PM (#33566216)

    You know, Foxit does this. It enables 'secure reading mode' when you open a PDF from the browser. Adobe should copy this feature, but instead they keep talking about a complex sandboxing scheme for their app.

    I'd rather they put in a mode like this, but they won't. Why? Because all those features it disables have been engineered by Adobe and as such they have performed a de facto extension of the PDF spec. Disabling this feature is admission that Adobe is incompetent and that people can live without js/flash embedding and mailable forms.

    So Adobe's management is all about promoting their features and they don't care much about security. They figure the update process will take care of it, but it doesn't. Heck, Reader doesn't even auto-update itself. You need to manually run the updater once and then it lives in your tray asking you to do the update. End users don't update typically. MS learned that the only way to get them to do it is to enable auto-update by default and they've been doing this since XP SP2.

    So now everything is hinged on this sandbox mode that lets them have their cake and eat it too. They want all sorts of insecure features and security. They think they can continue business as usual and the sandboxing will protect everyone. Dunno, this seems to be a pretty big gamble to me. Instead of a simple secure reading mode and setting auto-update to default, they're going the sandbox route. I suspect this really won't help and malware writers will find ways outside the sandbox.
