UPDATE: Apologies for the previous email that contained the wrong content. Good Afternoon, For those of you who are not already aware, CCIP would like to bring your attention the critical vulnerability in Adobe Reader and Adobe Acrobat that could potentially allow an attacker to take control of the affected system which was released on February 19: http://www.adobe.com/support/security/advisories/apsa09-01.html CCIP is releasing this alert as it has been made aware of active exploitation of this vulnerability in the wild. Adobe have stated that they are expecting to release an update by 11 March 2009 for Adobe 9 and updates for other versions (8 and 7) to follow soon after. Adobe has reported that the following versions are affected: * Adobe Reader 9 and earlier versions * Adobe Acrobat Standard, Pro, and Pro Extended 9 and earlier versions Shadowserver have a write up on their website: http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219 The US-CERT write up (https://www.kb.cert.org/vuls/id/905281) includes the following mitigation advice: Disable JavaScript in Adobe Reader and Acrobat Disabling Javascript may prevent this vulnerability from being exploited. Acrobat JavaScript can be disabled in the General preferences dialog (Edit -> Preferences -> JavaScript and un-check Enable Acrobat JavaScript). Some vendors ship javascript support in a seperate package. Removing this package may remove javascript support in the Adobe PDF reader. Prevent Internet Explorer from automatically opening PDF documents The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to the safer option of prompting the user by importing the following as a .REG file: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\AcroExch.Document.7] "EditFlags"=hex:00,00,00,00 Disable the displaying of PDF documents in the web browser Preventing PDF documents from opening inside a web browser may mitigate this vulnerability. If this workaround is applied to updated versions of the Adobe reader, it may mitigate future vulnerabilities. To prevent PDF documents from automatically being opened in a web browser: 1. Open Adobe Acrobat Reader. 2. Open the Edit menu. 3. Choose the preferences option. 4. Choose the Internet section. 5. Un-check the "Display PDF in browser" check box. Do not access PDF documents from untrusted sources Do not open unfamiliar or unexpected PDF documents, particularly those hosted on web sites or delivered as email attachments Regards, The CCIP Team -- Centre for Critical Infrastructure Protection Government Communications Security Bureau P: +64 4 498 7654 F: +64 4 498 7655 E: info(a)ccip.govt.nz I: www.ccip.govt.nz --- This e-mail contains official New Zealand Government information, which is intended for the use of addressees only. If you have received this e-mail in error, please notify the sender immediately and delete. You should not further disseminate, distribute or copy this e-mail in any way. ---