Thanks Carl :) That makes perfect sense. -----Original Message----- From: Carl Houseman [mailto:[email protected]] Sent: Tuesday, April 12, 2011 3:41 PM To: NT System Admin Issues Subject: RE: 0 Day in Adobe
Reader X contains the flaw, but an exploit will not succeed because of Protected Mode, which is on by default. Because of Protected Mode's mitigation, Adobe is not releasing the patch off-schedule. Once Reader X is patched, an exploit would not succeed even if Protected Mode is disabled. Carl -----Original Message----- From: Sam Cayze [mailto:[email protected]] Sent: Tuesday, April 12, 2011 4:25 PM To: NT System Admin Issues Subject: RE: 0 Day in Adobe >>> Adobe Reader X Protected Mode mitigations would prevent an exploit >>> of this kind from executing. Then >>> we are currently planning to address this issue in Adobe Reader X >>> for Windows with the next quarterly security update for Adobe Reader Anyone else confused? Is Reader X affected or not? Or is protected mode something that isn't on by default? -Sam -----Original Message----- From: Ziots, Edward [mailto:[email protected]] Sent: Tuesday, April 12, 2011 6:35 AM To: NT System Admin Issues Subject: 0 Day in Adobe Heads up gang, Adobe - Security Advisories: APSA11-02 - Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat: http://www.adobe.com/support/security/advisories/apsa11-02.html This vulnerability (CVE-2011-0611) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment, targeting the Windows platform. At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing. Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011. Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
