Adobe Reader Vulnerability Disclosed

====================
Updated: 26th February 2019
====================
After the update was issued by Adobe; the original researcher who disclosed it found a bypass and again reported it to Adobe. The bypass was assigned another CVE number; CVE-2019-7815

It has now been addressed by a further update made available by Adobe last Thursday. If you use Adobe Acrobat or Reader, please ensure it is up to date:

Thank you.

====================
Original Post
====================
Yesterday; the security firm 0patch released a micropatch for a vulnerability that was publicly disclosed (defined) in late January.

Why should this vulnerability be considered important?
The vulnerability allows for the extraction/disclosure of the NTLMv2 hashes (defined) associated with your Windows login account to be sent to an attacker when you open a specifically modified PDF document, The information is sent via the SMB protocol (defined) to the attacker essentially allowing the document “to phone home” to them.

Adobe Reader DC (2019.010.20069 and earlier) are affected. This vulnerability is similar to a now patched vulnerability from last year namely; CVE-2018-4993, The new vulnerability is caused by the fact that while a user is warned via a dialog box when opening an XML style sheet via the HTTP protocol; when using the SMB protocol and while following a UNC (defined) link; no such warning appears.

How can you protect your organisation and yourself from this vulnerability?
Please apply the update made available by Adobe earlier today. If for any  reason you cannot update right now, please consider the micropatch from 0patch. A YouTube video of the micropatch in action is available from the following link:

The micropatch does not require a reboot. The patch does not need to be uninstalled once you later install the update from Adobe.

Thank you.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.