Updated: 26th February 2019
After Adobe issued the update, the original researcher who disclosed the vulnerability found a bypass and reported it to Adobe again. The bypass was assigned another CVE number: CVE-2019-7815.
It has now been addressed by a further update made available by Adobe last Thursday. If you use Adobe Acrobat or Reader, please ensure it is up to date:
Why should this vulnerability be considered important?
The vulnerability allows the NTLMv2 hashes (defined) associated with your Windows login account to be sent to an attacker when you open a specifically modified PDF document. The information is sent via the SMB protocol (defined) to the attacker, essentially allowing the document “to phone home” to them.
Adobe Reader DC (2019.010.20069 and earlier) is affected. This vulnerability is similar to a now-patched vulnerability from last year, namely CVE-2018-4993. The new vulnerability arises because, while a user is warned via a dialog box when opening an XML style sheet via the HTTP protocol, no such warning appears when the SMB protocol is used to follow a UNC (defined) link.
How can you protect your organisation and yourself from this vulnerability?
Please apply the update made available by Adobe earlier today. If for any reason you cannot update right now, please consider the micropatch from 0patch. A YouTube video of the micropatch in action is available from the following link:
The micropatch does not require a reboot. The patch does not need to be uninstalled once you later install the update from Adobe.
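Until every endpoint is patched, the SMB "phone home" described above can be looked for in process-level connection logs. The following is an added example, not part of the original post or of any Adobe or 0patch tooling. It flags Reader or Acrobat processes that open SMB connections to addresses outside the internal network. The CSV column layout, the process image names, the internal ranges and the sample records are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Assumption: image names of the Adobe PDF readers on Windows endpoints.
PDF_READERS = {"acrord32.exe", "acrobat.exe"}
SMB_PORTS = {445, 139}  # SMB over TCP, and SMB over the NetBIOS session service
# Assumption: ranges treated as internal; replace with your organisation's own.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

# Constructed sample records (not real telemetry).
# Columns: timestamp, host, process image, destination IP, destination port.
SAMPLE_LOG = r"""2019-02-26T09:14:02Z,WS-014,C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe,203.0.113.45,445
2019-02-26T09:14:05Z,WS-014,C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe,10.20.0.7,445
2019-02-26T09:15:11Z,WS-022,C:\Windows\System32\svchost.exe,203.0.113.45,445
2019-02-26T09:16:40Z,WS-031,C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe,198.51.100.9,443
2019-02-26T09:17:03Z,WS-031,C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe,2001:db8::5,139
truncated,record
"""

def is_internal(addr):
    """True if addr falls inside one of the configured internal networks."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    return any(ip.version == net.version and ip in net for net in INTERNAL_NETS)

def find_smb_egress(log_text):
    """Return records where a PDF reader process makes an SMB connection off-network."""
    hits = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip truncated or malformed records
        ts, host, image, dst, port = (field.strip() for field in row)
        exe = image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        try:
            external = not is_internal(dst)
            port_no = int(port)
        except ValueError:
            continue  # unparseable address or port
        # Reader opening a PDF from an internal file share is normal; SMB to an
        # external address from the reader process is what this check reports.
        if exe in PDF_READERS and port_no in SMB_PORTS and external:
            hits.append((ts, host, exe, dst, port_no))
    return hits

if __name__ == "__main__":
    for hit in find_smb_egress(SAMPLE_LOG):
        print("SMB egress from PDF reader:", hit)
```

A hit identifies a host where a document may already have caused credentials to be sent, so the affected account's password is worth resetting in addition to applying the update.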