Microsoft Helps Adobe Block PDF Zero-Day Exploit
CWmike writes "Microsoft has urged Windows users to block ongoing attacks against Adobe's popular PDF viewer by deploying one of Microsoft's enterprise tools. Adobe echoed Microsoft's advice, saying the Enhanced Migration Experience Toolkit (EMET) would stymie attacks targeting Reader and Acrobat. Called 'scary' and 'clever,' the in-the-wild exploit went public last week when security researcher Mila Parkour reported it to Adobe after analyzing a rogue PDF document attached to spam. Adobe first warned users Wednesday of the threat, but at the time gave users no advice on how to protect themselves until a patch was ready. Microsoft stepped in on Friday. 'The good news is that if you have EMET enabled ... it blocks this exploit,' said Fermin Serna and Andrew Roths, two engineers with the Microsoft Security Response Center in an entry on the group's blog."
A Symantec blog post suggests the people exploiting this vulnerability may be the 'Aurora' group responsible for the attacks on Google late last year.
I uninstalled Adobe Reader and installed Foxit. Problem solved!
Free Martian Whores!
Don't use either.
When you're well past a week old, why the fuck do you keep calling it 0 day?
Because it was exploitable on day zero. It's a week old zero day exploit.
Look, naming conventions change over time and I'm not so sure it ever meant what you seem to think it meant anyway. In this context "0 day" means there are no known fixes for the problem. In other words it has been 0 days since a fix was released.
Maybe it's out of endearment...0 day, look at you. You're all grown up but don't forget you'll always be MY 0 day. (hugs)
I highly doubt home consumers (i.e. your grandmother) are going to install this enterprise application in order to solve a "0 day" exploit for Adobe. I mean, really? Can a normal person even read the previous sentence I just wrote?
Maybe they should work harder at patching it than finding workarounds, or just tell us the truth (don't open any PDFs, or use Foxit).
Well, just like standard language, words become twisted and used wrongly enough that they become common use, then over x time, standard use. How many people have you heard use the word "ignorant" to mean "asshole"? Or "ironic" to mean "coincidental"?
I mean hell, in the IT world, a couple of examples are "megabyte" which somehow now means 1000^2 bytes now, instead of the 1024^2 that it has meant forever (or as long as I have been alive). "Alpha" software used to be "still in design phase" and Beta used to mean "We have everything we want done... we just have some bugs to work out". Now "Beta" has taken on the old "Alpha" meaning and "Release Candidate" has taken the meaning of "Beta".
You can't fight it. It is pointless. Just facepalm quietly at your desk and hope "bacon" doesn't come to mean something else. That is one of the signs of the end of days.
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
hope "bacon" doesn't come to mean something else
Do you mean regular bacon or Canadian (which is really ham)?
When Microsoft does something that isn't evil, it's considered news?
MS, Adobe, and a new virus walk into a bar ... and the punchline is the word 'scary' isn't applied to using MS products. Although it scares the hell out of me, being a strictly Linux/Mac guy.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
hope "bacon" doesn't come to mean something else
Do you mean regular bacon or Canadian (which is really ham)?
Or turkey bacon. Which still makes me think for a second or two whenever I hear or see it.
What does it say about your company when another company has to clean up your mess while you stand around, thumb up ass, not appearing to be doing anything meaningful?
This has nothing to do about MS being good or evil. They've got a solution to the problem and it's much welcomed. Hopefully Adobe gets this fixed shortly so that people who can't make use of Microsoft's solution don't have to worry about the vulnerability either.
Look, naming conventions change over time and I'm not so sure it ever meant what you seem to think it meant anyway. In this context "0 day" means there are no known fixes for the problem. In other words it has been 0 days since a fix was released.
It did mean that, at one time. Zero-day meant that it was still unpublished... still secret. You had an exploit that was going to work because "nobody" knew about it. That is, nobody but you and others who had elite access to the BBS' filez. Now the industry has shifted the term to mean that the vulnerability is unpatched. Which, I suppose, has a lot of the same general meaning. Although I think it's lost a lot of the edge; big difference between unpatched and (relatively) unknown.
But then - this is all just semantics. You kids get off my lawn. Back in my day, we had to push bits through MODEMs - both ways. We used KERMIT and we LIKED IT (unless we had ZMODEM). Etc, etc.
This is /. Anything related to computer security is news. Especially when it effectively targets most, if not all, the users/customers we have to help all day (and night, and weekends!).
Not every story about Microsoft is posted just because it's about Microsoft.
Creationist Textbook Stickers Declared Unconstitutional by CowboyNeal
Sliced cheese now means pasteurized prepackaged cheese product...
Also, your megabyte example is more of a 'coming back' if you ask me, as Mega- is the standard prefix for 1000^2x. It was only in computers where it meant any other multiplier.
"This."
Seriously, Foxit is the way to go unless you have a reason. If you can't think of one, then you don't have one :). There are things Foxit doesn't do or documents it has problems with, but for normal users it is exceedingly unlikely you encounter it. The thing is much lighter weight and seems to have few security issues. Maybe it is just because nobody is looking, but regardless.
I was so glad when I found it for rolling out in our instructional labs. I got sick of having to do an update for Acrobat every other week.
to hell with adobe
MS, Adobe, and a new virus walk into a bar ... and the punchline is the word 'scary' isn't applied to using MS products. Although it scares the hell out of me, being a strictly homosexual guy.
I'm still waiting for the upgraded version, the powerful -1 day exploit.
Great, so EMET will be downloaded by a few developers and IT experts and their systems will work fine. However, develop and deploy this beta application to run on the thousands of end user workstations on a corporate network? I'm sure between the unintended system slowdown from YET ANOTHER APPLICATION combined with users wondering what this new icon is doing ought to be seamless. Too bad FoxIt and others don't provide a nagware-free product that's an enterprise solution. Maybe Adobe will start roping back in all their bloat from the last decade and really tighten up their app?
I'm not sure that's correct? I thought it was a Zero Day attack if on the day the attack occurred, the problem was not yet known.
Zero Day:
1) People start receiving emails with engineered PDFs that take advantage of the flaw.
2) Adobe discovers the flaw.
Not Zero Day:
1) Adobe discovers (and typically announces) a potential vulnerability
2) The next day, people start receiving emails with engineered PDFs that take advantage of the flaw.
Every time a news article says there's a flaw in Acrobat Reader and that everyone is vulnerable, it reinforces the idea that everyone uses Acrobat and there is no other option.
No such thing as bad publicity, bandwagon propaganda, and all that. They might as well put flaws in on purpose for the free monthly advertising. All it takes is a tiny portion of flaws to appear in Foxit, which does happen sometimes, and Adobe gets to claim that no reader is flaw-free.
Why doesn't Microsoft make EMET part of Windows Defender, and auto-update the settings for various applications/DLLs (like the way they update compatibility-mode settings for websites in IE8)? They could have prevented this exploit on day 1.
According to the article..
"Normally Address Space Layout Randomization (ASLR) would help prevent successful exploitation. However, this product ships with a DLL (icucnv36.dll) that doesn’t have ASLR turned on."
So enable ASLR on the effing DLL and release a patch, problem solved? Nothing would make me work overtime and on the weekend more than a highly visible level 1 bug. Adobe developers must have it good!
did you forget to take your meds?
Just what the world needs: a security automaton which drops dead if you get one letter wrong.
Lacking <sarcasm> tags,
Here is a Technet video describing EMET and here is the download url.
I mean hell, in the IT world, a couple of examples are "megabyte" which somehow now means 1000^2 bytes now, instead of the 1024^2 that it has meant forever (or as long as I have been alive).
It still means what it used to mean, unless you're a drive maker. They did get a committee to muddle the water in order to avoid lawsuits, but that doesn't change the meaning of a term that's been well-established for sixty years.
The few places that do use it do have bad effects. In fact, "MiB" for most IT professionals who haven't heard of that committee's revelations sounds like "millions of bytes", bringing confusion. Plain old "MB" doesn't have that flaw as long as drive labelling is not concerned.
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
It's the Enhanced Mitigation Experience Toolkit -- no migration required.
Do you mean regular bacon or Canadian (which is really ham)?
Kevin Bacon is Canadian? I thought he was American?
-1 day exploit.
You mean the user?
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
anyone know what that might be?
My personal system uses PDF Xchange Viewer. But on another that has Acrobat Reader 8.x installed, I'm not able to find the dll in question. I never upgraded to 9.x on that system due to bloat but guess new features will come with bugs/vulnerabilities.
What's your point?
At least 'mcgrew' offered a possible solution...so, where's your 'help the rest of the world' solution?
Put up, or shut up, you hypocrite.
You are actively working against your implied cause.
I also use Foxit, and learned about it years ago right here on /., from someone like 'mcgrew', making a similar comment.
The only benefit I got from your comment is you are an asshat, just for the sake of being an asshat.
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
Project much, gayboy?
You sir, deserve my vote.
Especially when it effectively targets most, if not all, the users/customers we have to help all day (and night, and weekends!).
Not everyone here works in tech support. I had always assumed, based on the comments, that most people here are engineers of some flavor.
...was called Scatter Loading in AmigaOS 1.0 back in the 80's, and was done to everything loaded into RAM, executables, shared libraries, data, everything. *sigh*
> I mean hell, in the IT world, a couple of examples are "megabyte" which somehow now means 1000^2 bytes now, instead of the 1024^2 that it has meant forever (or as long as I have been alive).
Which is kind of funny given how the prefix mega had meant 10^6 for a really long time before that, including the telco world and the bits it moved around.
You ever noticed some people like Jerry Falwell and the poster of the above spend entirely too much time thinking about homosexuals, far more than would be considered "normal" for a straight male? Methinks the lady doth protest too much...
... and release a lite & (somewhat) safe version of Acrobat Reader for home users that just reads plain PDF files with 0 extra "features", and 99% of the world would happily use it.
Obviously no one here uses Microsoft products, but it is Mitigation not Migration...
From TFSummary:
Reads like Parkour reported an exploit being used actively in the wild to Adobe, to me. Which would make the sequence of events (1), (2), and this a zero day exploit. Silly term in any case, the relevant terms are, imo, "fixed" and "ongoing."
http://technet.microsoft.com/en-us/magazine/2008.03.windowsconfidential.aspx
Only in the USA. Everywhere else (even Canada) it means real cheese sliced into ... slices.
No he means the FFFFFFFF -ing user.
We're a Linux shop, you insensitive clod!
thegodmovie.com - watch it
I've often wondered why Adobe's Acrobat Reader is such a large install, when it doesn't actually do much more than read .pdf files anyway.
To have a right to do a thing is not at all the same as to be right in doing it
The _telco_ world was never one of the 1024 users. Telecomms is all based around the old bitrates of the telephone systems, which were always multiples of 1000 bits per second:
Historically, audio telephony had a sampling frequency of 8 kHz.
As we went digital, G711 audio channels and ISDN B channels were 64000 b/s for 8-bit audio. Other codecs shrank that to 32000 b/s, 16000 b/s, etc. ISDN D channels were 16000 b/s. ISDN PRI channels were variously 1544000 b/s or 2048000 b/s. All the fat pipes carrying data around, be that SONET (PDH) or SDH, use variously 8448000 b/s, 34368000 b/s, 139264000 b/s, etc., etc.
All those numbers are multiples of the original 8 kHz.
So don't blame telephony for the 1024s - they're the least guilty. (Telephony would even include multipliers like 30 or 31, as you'd do the old power-of-2 thing, then reserve space for control or stuffing, or...)
Also FatPhil on SoylentNews, id 863
Doh - that's what you're saying. Tedious facts intended for your parent poster.
"'The good news is that if you have EMET enabled ... it blocks this exploit,'"
You know what else blocks this exploit? Not using Acrobat Reader.