Tuesday, April 13, 2010

You Really, Really Should Upgrade Adobe Reader

I am analyzing a Windows RAM dump now where a machine running a version of Adobe Reader that is long off vendor support - version 6.x - got compromised by navigating to a website serving up malicious PDF content from an installation of the YES Exploit Kit.

Many of the commonly available commercial exploit toolkits include robust and reliable working exploits for unpatched Adobe Reader util.printf, Collab.collectEmailInfo, and Collab.getIcon vulnerabilities. Soon I will translate a number of the top exploit kits' exploit lists to English and publish those here to back up my point. For now please take my word for it.

You really, really should be patching Adobe Reader. You really, really should also be actively managing the software lifecycle of Adobe Reader to make sure the versions you have installed on your Windows client machines are patchable (8.x and 9.x only). Just because Adobe stops supporting a version of Adobe Reader doesn't mean those older versions aren't getting exploited. The machine I described in the first paragraph got exploited through an unpatched Adobe Reader 6.x installation, and ended up with a ZeuS/Zbot infection. For over a year now, we have seen malicious PDFs being one of the top types of attacks coming at us.

We have upgraded many thousands of Adobe Reader instances with our packaged upgrade solutions. if you need help getting started doing that yourself, please contact us at sales @ sharpesecurity.com.

email: david @ sharpesecurity.com
website: http://www.sharpesecurity.com/
Twitter: twitter.com/sharpesecurity

No comments:

Post a Comment