Microsoft Helps Adobe Block PDF Zero-Day Exploit 93
CWmike writes "Microsoft has urged Windows users to block ongoing attacks against Adobe's popular PDF viewer by deploying one of Microsoft's enterprise tools. Adobe echoed Microsoft's advice, saying the Enhanced Migration Experience Toolkit (EMET) would stymie attacks targeting Reader and Acrobat. Called 'scary' and 'clever,' the in-the-wild exploit went public last week when security researcher Mila Parkour reported it to Adobe after analyzing a rogue PDF document attached to spam. Adobe first warned users Wednesday of the threat, but at the time gave users no advice on how to protect themselves until a patch was ready. Microsoft stepped in on Friday. 'The good news is that if you have EMET enabled ... it blocks this exploit,' said Fermin Serna and Andrew Roths, two engineers with the Microsoft Security Response Center in an entry on the group's blog."
A Symantec blog post suggests the people exploiting this vulnerability may be the 'Aurora' group responsible for the attacks on Google late last year.
Re:Its not zero day ... (Score:1, Interesting)
Sliced cheese now means pasteurized prepackaged cheese product...
Also, your megabyte example is more of a 'coming back' if you ask me, as Mega- is the standard prefix for 1000^2x. It was only in computers where it meant any other multiplier.
Re:Publicity is publicity (Score:4, Interesting)
Every time a news article says there's a flaw in Acrobat Reader and that everyone is vulnerable, it reinforces the idea that everyone uses Acrobat and there is no other option.
No such thing as bad publicity, bandwagon propaganda, and all that. They might as well put flaws in on purpose for the free monthly advertising. All it takes is a tiny portion of flaws to appear in Foxit, which does happen sometimes, and Adobe gets to claim that no reader is flaw-free.
Address Space Layout Randomization... (Score:1, Interesting)
...was called Scatter Loading in AmigaOS 1.0 back in the 80's, and was done to everything loaded into RAM, executables, shared libraries, data, everything. *sigh*