Making IT Easy » critical

Critical bug in Acrobat Reader

Gunthy — Fri, 07 Nov 2008 08:31:16 +0000

Tuesday (yes I know… I’m late ), there has been a report of a critical security vulnerability in Adobe’s Acrobat Reader. The bug affect version 8.x and probably also all prior versions. Version 9 is said to be not affected.

The hole is exploited through the use of a specially constructed pdf-file using javascript. When successful, the attack could make it so that the attacker can execute code with the user credentials of the person opening the malafied pdf.

Adobe has already issued a security patch for version 8.1.2 which resolves the problem. Alternatively, users can also disable the use of javascript in pdfs in the Preferences menu.

Originally, the exploit was discovered in one of Adobe Reader’s alternatives, called Foxit Reader. By using a similar crafted pdf-file, the same kind of attack could be executed. At first it was assumed that only this Foxit Reader was affected, since the way the javascript was constructed didn’t pose a problem in Acrobat Reader.

However when security analysts examined the code in more detail, they found that also Adobe’s version was being affected. It is true that the bug is not being caused by exactly the same code, but nevertheless this hole was exploitable here as well.

Microsoft issues emergency patch

Gunthy — Fri, 24 Oct 2008 12:08:52 +0000

Yesterday, Microsoft has issued a critical emergency patch for all it’s currently supported platforms. The patch is to plug a security hole that allows unauthorized access to the system.

More in detail, the vulnerability is caused by a hole in the Server Service. Using a custom crafted RPC-call, an attacker could execute code without any authentication. All current supported platforms are affected, but mostly Windows 2000, XP and 2003 are the most vulnerable. For Vista and server 2008 the bug is marked ‘Important’, as on these platforms there is already a double-check through the much debated UAC option.

However it needs to be noted that even without patching, you can successfully protect a computer against the attack by properly using the firewall, or of course turning off the file-sharing option.

The striking fact is that usually Microsoft doesn’t like to deviate from their normal patch cycle. In fact, this has only happened 3 times before according to the Washington Post. So when the Redmond boys do, it usually means the hole is already being used to break into machines.

I’d recommend to everyone to update their Windows machines as soon as possible, either by using Windows Update, or by visiting the Microsoft Update website.