Tuesday, February 24, 2009

Adobe and Excel exploits in the Wild: article 200903

Adobe announced last week that there is an exploit affecting their Reader and Acrobat programs and that they would not be releasing a fix until March 11th and then on the heels of that today Microsoft announced that their Excel program has an exploit affecting versions 2007 and earlier.

So whats the good news in all of this? It was announced that the exploits do exist! It has been reported that Microsoft themselves in the past have known of a vulnerability and not rushed fix it. Now we are up to speed and awareness can be heightened. The other silver lining is that this is an opportunity to raise security awareness with the use of real world examples.

There are some configuration changes you can make in Adobe to help mitigate the risk such as disabling java script and not allowing PDF's to open in a web browser; beyond that good security practice can a long way as well; such as making sure AV is running and up to data, not untrusted documents and attachments and if receiving an attachment via email call or write the sender back confirming they intended to send the document to you.

By the way; in defense of the software companies there is much work, especially for Microsoft, to test software patches, think of all the versions and languages they support.

No comments:

Post a Comment