Updates: Adobe Reader & Acrobat 8.1 on WinXP

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
I noticed this over at SANS.

Update for Adobe Reader 8.1 on WinXP:

http://www.adobe.com/support/d...ct=10&platform=Windows

Update for Adobe Acrobat 8.1 (not Reader, but rather the full-ride dealio) on WinXP:

http://www.adobe.com/support/d...uct=1&platform=Windows


Update for RealPlayer to eliminate an exploitable vulnerability:

http://service.real.com/realpl...rity/191007_player/en/



Obligatory mention of the Secunia Personal Software Inspector and/or the Secunia online Software Inspector to check Windows systems for other fixable vulnerabilities :thumbsup: The Personal Software Inspector wasn't Vista-compatible when I last checked.

Bad guys won't target just your browser or your OS anymore, so make sure your bases are covered. :) Also, remember that if you can use a non-Administrator user account for daily-driver stuff like email, web browsing and IM, this will strongly limit what even a successful exploit can actually accomplish on your computer, known or unknown.
 

Schadenfroh

Elite Member
Mar 8, 2003
38,416
4
0
Thanks mech, will update my family's PCs when I see them. Either that or move them to Foxit Reader.
 

mechBgon

Sure thing :) and I just spotted this article at The Register about the RealPlayer vulnerability:

http://www.theregister.co.uk/2..._media_serves_malware/

Real Media has become the latest ad network to be outed as an unwitting ally to cyber crooks. In September, it was disclosed that Yahoo!-owned Right Media served about 12 million ads over three weeks, which silently installed a Trojan back door on unpatched Windows machines. The ads were served on MySpace, PhotoBucket and other popular web destinations.
 

mechBgon

It is now reported that the bad guys are cranking out spam in volume with malicious PDF files attached. Microsoft reportedly is working on a security patch that'll address the underlying issue at Microsoft's end of the stick, whether other vendors fix it from their end or not (not just Adobe, but everyone else too). So take five minutes and get your stuff patched up :)
 

mechBgon

Originally posted by: bwatson283
I hate real player

Don't we all :D

eWeek reports that at least one more group has begun sending malicious PDF files targeting the ShellExecute vulnerability via Adobe's products on WinXP.

http://www.eweek.com/article2/0,1895,2209010,00.asp

Using names like "report.pdf" and "debt.2007.10.31.816537.pdf", the PDF file installs several different pieces of malware, including the Zeus variant of the PRG Trojan. It uses anti-debug/anti-VMware tactics to evade analysis and slowly downloads other files to the infected host via BITS (Background Intelligent Transfer Service), a lightweight HTTP-based protocol that is usually allowed through firewalls because it's what Microsoft Update uses, Jackson said.

I haven't seen any firm timeframe mentioned for the Microsoft patch which would fix the underlying vulnerability. From what I've read, it goes pretty deep, so they need to test pretty rigorously before they deploy it.