News

Windows Threatened by Adobe Zero-Day Vulnerability

Adobe is warning of a new issue in Adobe Reader on Windows that could lead to attackers hijacking a system.

The "critical" issue, called "U3D memory corruption vulnerability" by Adobe, could cause a system to crash and also allow unrestricted access by hackers. The exploit is carried out by exploiting a hole in the compression file format called universal 3D. While other companies, including HP and Intel, use the universal 3D file format, there has been no word of this particular vulnerability popping up in non-Adobe software.

Adobe warned that the "vulnerability is being actively exploited in the wild in limited, targeted attacks against Adobe Reader 9.x on Windows." The targets have included U.S. aerospace and defense contractor Lockheed Martin and MITRE, which manages many U.S. research centers, and others.

A patch is currently being worked on to fix the vulnerability found in Adobe Reader 9.x versions, and it should be released no later than Dec. 12, according to a security advisory issued on Tuesday. Fixing both Adobe Reader X and Acrobat X is considered to be a lower priority task for Adobe compared with fixing earlier versions of Reader.

"Because Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X and Acrobat X for Windows with the next quarterly security update for Adobe Reader and Acrobat, currently scheduled for January 10, 2012," wrote Wendy Poland, member of the Adobe Product Security Incident Response Team, in a blog post.

There is also less of a risk factor for Macintosh and UNIX systems to be exploited with this vulnerability so a fix will also wait until the next quarterly update.

In the mean time, Brad Arkin, senior director of Product Security & Privacy for Adobe, says that to be 100 percent sure your system is safe, update your older versions of Reader and Acrobat to X.

"We put a tremendous amount of work into securing Adobe Reader and Acrobat X, and, to date, there has not been a single piece of malware identified that is effective against a version X install," wrote Arkin in a blog post. "Help us help you by running the latest version of the software!"

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Azure Active Directory Connect Preview Adds Support for Disconnected AD Forests

    Microsoft on Thursday announced a preview of a new "Cloud Provisioning" feature for the Azure Active Directory Connect service that promises to bring together scattered Active Directory "forests."

  • Microsoft Defender ATP Gets macOS Investigation Support

    The endpoint and detection response (EDR) feature in Microsoft Defender Advanced Threat Protection (ATP) has reached the "general availability" stage for macOS devices.

  • How To Block Self-Service Purchasing in Microsoft's Power Platform

    Microsoft threw Office 365 admins a bone when it gave them the ability to block users from purchasing Power Platform tools without IT approval. Here's how to prevent total anarchy.

  • Azure DevOps Services Losing Support for Alternate Credentials

    Microsoft gave notice last week that it's going to drop Alternate Credentials support for authenticating users of its Azure DevOps Services.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.