Sunday, September 12, 2010

Use EMET 2.0 to block Adobe Reader and Acrobat 0-day exploit

Adobe updated Security Advisory APSA10-02 to add the mitigation that Windows users can utilize Microsoft's Enhanced Mitigation Evaluation Toolkit (EMET) to help prevent this vulnerability from being exploited.

The Enhanced Mitigation Experience Toolkit (EMET) is designed to help prevent hackers from gaining access to your computer system.  Rather than needing complicated code for applying mitigations due to security exploits, with EMET, mitigations can be applied on a per process basis. 

As explained in detail in the Security Research & Defense blog, with EMET enabled for AcroRd32.exe, the Adobe exploit in Security Advisory APSA10-02 is blocked.  Although it is recommended that you read the complete description, following are the instructions for blocking the exploit:
In order to enable EMET for Adobe Reader and Acrobat you have to install EMET and run the following simple command line as an Administrator. Please note the path to the Adobe Reader and Acrobat could be different in your system (especially if you are not using a 64 bit system).

C:\Program Files (x86)\EMET>emet_conf.exe -add "c:\program files (x86)\Adobe\Reader 9.0\Reader\acrord32.exe"

The changes you have made may require restarting one or more applications

EMET Supported OS:

Windows 7;Windows Server 2003 Service Pack 1;Windows Server 2008;Windows Server 2008 R2;Windows Vista Service Pack 1;Windows XP Service Pack 3


Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Vulnerabilities, Information,

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: