Thanks for posting. Curious, will this work with restricted users since logon scripts run under the user's context?
________________________________
From: [email protected] [mailto:[email protected]] On Behalf Of jond
Sent: Wednesday, February 25, 2009 10:34 AM
To: NT System Admin Issues
Subject: Re: Adobe 0-day

Here's an example of the code I put in our login script if anyone needs it. It will need to be modified if you want to use it, and do your own DD, and testing before you blow up all your users' computers :)

------------------------------------------------------------------------
@echo off
:: Skip everything if the marker file from an earlier run exists
if exist c:\jon\acrobat_java_disable.txt goto endaj
:: Determine version
regedit /e c:\jon\acrobatver.txt HKEY_CURRENT_USER\software\adobe
::
:: Reader 9: import the .reg file only if its key appears in the export
more C:\jon\acrobatver.txt | FIND "Acrobat Reader\9.0" >> c:\jon\junk.txt
IF ERRORLEVEL 1 goto next1
echo installing patch for reader 9
regedit /s \\fileserver06\shared\jon\2009\disable_acrobat9_js\acrobat_reader_9.reg
:next1
:: Acrobat 9
more C:\jon\acrobatver.txt | FIND "Adobe Acrobat\9.0" >> c:\jon\junk.txt
IF ERRORLEVEL 1 goto next2
echo installing patch for acrobat 9
regedit /s \\fileserver06\shared\jon\2009\disable_acrobat9_js\acrobat_acrobat_9.reg
:next2
:: Reader 8
more C:\jon\acrobatver.txt | FIND "Acrobat Reader\8.0" >> c:\jon\junk.txt
IF ERRORLEVEL 1 goto next3
echo installing patch for reader 8
regedit /s \\fileserver06\shared\jon\2009\disable_acrobat9_js\acrobat_reader_8.reg
:next3
:: Acrobat 8
more C:\jon\acrobatver.txt | FIND "Adobe Acrobat\8.0" >> c:\jon\junk.txt
IF ERRORLEVEL 1 goto next4
echo installing patch for acrobat 8
regedit /s \\fileserver06\shared\jon\2009\disable_acrobat9_js\acrobat_acrobat_8.reg
:next4
:: Write the marker file so later logons skip the checks above
echo ... > c:\jon\acrobat_java_disable.txt
:endaj
-----------------------------------------------------------------------

This is an example of one of the reg keys:

---------------------------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\software\adobe\Adobe Acrobat\9.0\jsprefs]
"bConsoleOpen"=dword:00000000
"bEnableGlobalSecurity"=dword:00000001
"bEnableJS"=dword:00000000
"bEnableMenuItems"=dword:00000000
---------------------------------------------------------------------

Jon

On Wed, Feb 25, 2009 at 10:00 AM, Andy Ognenoff <[email protected]> wrote:

More stuff concerning the PDF/JBIG issues:

http://blogs.zdnet.com/security/?p=2668 (Has got some reg tweaks and such for disabling auto open in IE)
http://isc.sans.org/diary.html?storyid=5926
http://isc.sans.org/diary.html?storyid=5932

- Andy O.

>-----Original Message-----
>From: David Lum [mailto:[email protected]]
>Sent: Tuesday, February 24, 2009 4:55 PM
>To: NT System Admin Issues
>Subject: RE: Adobe 0-day
>
>This just floated across the patch management list
>
>"During our analysis, Secunia managed to create a reliable, fully working
>exploit (available for Secunia Binary Analysis customers), which does not
>use JavaScript and can therefore successfully compromise users, who may
>think they are safe because JavaScript support has been disabled."
>
>http://secunia.com/blog/44/
>
>Comments? I do remember seeing the Jscript doesn't prevent it, just makes
>engineering the exploit tougher.
>
>David Lum // SYSTEMS ENGINEER
>NORTHWEST EVALUATION ASSOCIATION
>(Desk) 971.222.1025 // (Cell) 503.267.9764

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
