NEWS FROM THE LAB - Thursday, February 26, 2009

About the Adobe and Excel Vulnerabilities Posted by Mikko @ 13:21 GMT

Adobe/ExcelThere are two notable vulnerabilities currently being exploited.

Both of them are not yet patched.

One fortunate mitigating factor is that the exploits are being used for targeted attacks.

Though that isn't very much of a mitigation if you happen to be the target.

Here are our vulnerability reports:

  •  Microsoft Excel Invalid Object Reference Vulnerability
  •  Adobe Reader/Acrobat JBIG2 Stream Array Indexing Vulnerability

Microsoft published Security Advisory (968272) on Tuesday and recommends using the Microsoft Office Isolated Conversion Environment (MOICE) as a workaround. High risk "targets" may want to consider this as standard operating procedure.

Adobe is planning to release an update on March 11th. That's March 11th, like two weeks from now.

Adobe's mitigation steps involve disabling JavaScript. However, see discussion here as well.

Adobe's steps are as follows:

  1. Launch Acrobat or Adobe Reader.
  2. Select Edit>Preferences
  3. Select the JavaScript Category
  4. Uncheck the "Enable Acrobat JavaScript" option
  5. Click OK

I'd show you a screenshot of the options, only I don't have Adobe Reader installed.

I find it a bit confusing how commonplace Adobe Reader has become. For some reason everybody seems to be using it for reading PDF files. Even though there are plenty of free alternatives. And the alternatives are much smaller and faster. And start up in under a minute.

From my point of view, Adobe Reader has become the new IE. For security reasons, avoid it if you can.

Ranting off,