New Zero Day Vulnerability - does it impact Reader 8.3.1

Similar Messages

• Patch for the lastest zero day vulnerability

  Hi
  Microsoft has released a patch for the latest zero day vulnerability. In the page
  https://support.microsoft.com/kb/2887505 it is written:
  "You must have security update 2870699 installed for this Fix it to provide effective protection against this issue."
  Question: What happens if this path is installed and 2870699 has not been installed yet?
  a: Will not provide effective protection against this issue before 2870699 has been installed - but work fine when it has been installed?
  or
  b: Will never provide effective protection against this issue if 2870699 is installed after the fix in 2887505.
  Thanks in advance
  Best regards Harald

  Hi,
  This fixit is a appcompat shim, performs as a temporary Advanced Workaround to help protect against attempts to exploit this vulnerability. I think
  it is recommended to install the two updates in sequence just as described in the KB.
  To better understand this, I’d like to share the following articles with you:
  CVE-2013-3893: Fix it workaround available
  http://blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-3893-fix-it-workaround-available.aspx
  Regards,
  Yolanda

• Zero Day Vulnerability

  I was wondering if anyone has done the following and if so did it break anything?
  We are just in the process of deciding if this needs to be deployed to our entire estate and I am looking at the risks involved
  Any advise on this will be appreciated
  Unregister VGX.DLL               
  For 32-bit Windows systems              
  Important: For this workaround to take effect, you MUST run it from an elevated command prompt.
  From an elevated command prompt enter the following command:         
  Copy
  "%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
  A dialog box should appear after the command is run to confirm that the un-registration process has succeeded. Click
  OK to close the dialog box.
  Close and reopen Internet Explorer for the changes to take effect.

  This issue was resolved by deploying the hotfix that Microsoft released that same day.

• IE8 zero day vulnerability

  Vulnerability in Internet Explorer Could Allow Remote Code Execution (Published: Friday, May 03, 2013)
  http://technet.microsoft.com/en-us/security/advisory/2847140
  Microsoft is investigating public reports of a vulnerability in Internet Explorer 8. Microsoft is aware of attacks that attempt to exploit this vulnerability.
  IE 6, 7, 9, 10 are not affected.

  Temporary FixIt workaround available http://support.microsoft.com/kb/2847140

• Leaked Flash Zero Day Likely to be Exploited by Attackers

  SURPRISE! There's a Flas 0-Day exploit.If you're not following ourSecurity Responseteam by now (also at@threatintel)you probably should.Whether you are a Symantec user or not, the men and women of this team are out there fighting the good fight every day and bringing the information to you. Dig it:Leaked Flash Zero Day Likely to be Exploited by Attackers
  Proof-of -concept code to unpatched vulnerability published after breach at hackers-for-hire company.Symantec has confirmed the existence of a new zero-day vulnerability in Adobe Flash which could allow attackers to remotely execute code on a targeted computer. Since details of the vulnerability are now publicly available, it is likely attackers will move quickly to exploit it before a patch is issued.Details of the vulnerability surfaced following acyberattack against the controversial...
  This topic first appeared in the Spiceworks Community

  Looks like it's there now
  # pacman -Syu
  :: Synchronizing package databases...
  core is up to date
  extra 377.0K 429.6K/s 00:00:01 [##############################################] 100%
  community 370.0K 271.5K/s 00:00:01 [##############################################] 100%
  :: Starting full system upgrade...
  resolving dependencies...
  looking for inter-conflicts...
  Targets (15): brltty-4.0-1 xulrunner-1.9.1.1-1 firefox-3.5.1-1 lib32-glibc-2.10.1-3
  lib32-e2fsprogs-1.41.8-1 lib32-gcc-libs-4.4.0-5 lib32-libgl-7.4.4-1 lib32-libjpeg-7-1
  lib32-libxml2-2.7.3-2 lib32-libxt-1.0.6-1 lib32-mesa-7.4.4-1 recode-3.6-3 enca-1.9-4
  libass-0.9.6-2 vlc-1.0.0-5
  Total Download Size: 41.50 MB
  Total Installed Size: 143.15 MB
  Proceed with installation? [Y/n]

• Yet another Adobe Flash Player zero-day discovered from the Hacking Team breach.

  Thanks for the heads up Symantec Matt. 

  Aaaahhhh yes... remember when an entire day could by without news of a breach or hack or targeted attack? Yeah... neither do I.It will probably shock you all to hear that the Symantec Security Response team dropped a new blog over the weekend outlining a Zero-Day vulnerability in Adobe Flash player. Dig it:Second PoC Exploit for Adobe Flash Player Discovered After the Hackers-for-Hire Company Breach
  Yet another Adobe Flash Player zero-day discovered from the Hacking Team breach.Symantec is aware of a second vulnerability (CVE-2015-5122) in Adobe Flash Player that’s associated withHacking Team, the Italian company which recently suffered a major data breach. The existence of the unpatched vulnerability has been confirmed by Adobein itssecurity bulletin.Symantec’s analysis has confirmed that the vulnerability can be successfully exploited...
  This topic first appeared in the Spiceworks Community

• Virus/Malware Solution Recommended For Flash Zero Day Breach

  Can anyone recommend a virus/malware protection solution.  I attempted to download adobe flash this morning and now malware has control of my browser and is sending a page with an 866 number to call.  My IT tech called the number and it is an India call center and they want remote access to your machine.  I have installed several different malware packages and none of them can find the files that are causing this problem.  I am using a MAC with OSX 10.10.

  Aaaahhhh yes... remember when an entire day could by without news of a breach or hack or targeted attack? Yeah... neither do I.It will probably shock you all to hear that the Symantec Security Response team dropped a new blog over the weekend outlining a Zero-Day vulnerability in Adobe Flash player. Dig it:Second PoC Exploit for Adobe Flash Player Discovered After the Hackers-for-Hire Company Breach
  Yet another Adobe Flash Player zero-day discovered from the Hacking Team breach.Symantec is aware of a second vulnerability (CVE-2015-5122) in Adobe Flash Player that’s associated withHacking Team, the Italian company which recently suffered a major data breach. The existence of the unpatched vulnerability has been confirmed by Adobein itssecurity bulletin.Symantec’s analysis has confirmed that the vulnerability can be successfully exploited...
  This topic first appeared in the Spiceworks Community

• Researchers reveal attack code for new IE zero-day...

  Until this is patched all versions of  Internet Explorer including IE8 on Windows 7 are vulnerable.  
  Researchers reveal attack code for new IE zero-day
  Try to avoid using Internet Explorer until patched, I'd rather warn people now than let the Holodays etc be ruined.
  Merry Christmas & Happy New Year.
  "I have this awful feeling someone is watching every move I make (one of my pet hates is router location tagging)." Marvin (A paranoid Android)

  Rottie wrote:
  Not being smug, but this is one of the many reasons why I personally prefer to use an open source browser. Fix times for "exploits" tend to be a lot faster.
  Seasons greetings to you, too.
  I only unlock IE when applying Windows Security Patches, otherwise I use a variety of locked down Browsers, 
  The purpose of my post however was to warn those that use IE through choice or other than that at their workplace.
  Again Seasons Greeting to you.
  "I have this awful feeling someone is watching every move I make (one of my pet hates is router location tagging)." Marvin (A paranoid Android)

• Warning: Zero Day exploit in the wild targeting Adobe Reader 9.4.6

  Adobe has just released details of a Zero Day exploit targeting Reader version 9.4.6, details here: http://blogs.adobe.com/asset/2011/12/background-on-cve-2011-2462.html
  An independent site called H Security also has some background info on the subject which, to a lesser degree, also affects 10.1.1: http://www.h-online.com/security/news/item/New-Adobe-Reader-zero-day-in-the-wild-1391441.h tml

  So here we are now sitting pretty with Reader updated to 9.4.7
  However, once again, this update has FAILED to address the issue with the Firefox plugin which remains as 9.4.5.236
  So anybody who unwittingly updates Reader to 9.4.7 but doesn't notice that the Firefox plugin remains as 9.4.5.236 is going to have a nasty surprise if they happen to land on a malware infested site!
  The only workaround here is to disable the plugin in the Firefox Add-ons manager which you can access by hitting CTRL+SHIFT+A. Go to the Plugins menu and click the "Disable" button to the right on the Reader installation. This means you will be unable to read PDF files in the Firefox browser and will instead be presented with the option to download them to your own machine. If however you choose to open them with the disabled plugin, it will once again remain enabled until you manually disable it again, so be careful.

• I have downloaded music to my phone through my Apple ID and it has this message that reads you can download purchases on this device with one Apple ID account every ninety days, what does this mean and how do I fix it?

  I have downloaded music to my phone through my Apple ID and it has this message that reads you can download purchases on this device with one Apple ID account every ninety days, what does this mean and how do I fix it?

  Well, it doesn't mean that at all. You can download music purchased with an Apple ID to up to 10 devices. There is no 90 day wait. The wait is if you change the Apple ID.

• Just bought new iMac. When browsing in Safari, sometimes the text suddenly gets super large. I'm doing nothing except reading the screen, tho I have my hand on the mouse. I can get back to normal size by clicking "actual size" in View. What gives?

  Just bought brand new new iMac. When browsing in Safari, sometimes the text suddenly gets super large. I'm doing nothing except reading the screen, tho I usually have my hand resting lightly on the mouse. I can get back to normal size by clicking "actual size" in View. But then it does it again a minute or two later. What gives? Something seems defective--but what?

  From System Preferences, Mouse, Point & Click, Secondary click.  Go to it hover over Secondary click and watch the short video sequence change it left right, left right, you will see exactly what is does. No I do not think your Mouse is defective, you simply need to take control of your Mouse finger.

• I have Adobe photoshop cs5. need to update camera raw, cause my camera raw is  2010and does not read my camera,  I went out and downloaded the new one and it does not link to adobe photoshop cs5

  I have moved my Photoshop CS5 to my traveling computer,a Surface Pro 3.  I have photoshop loaded but in trying to look at raw images it says my camera raw does not support the sony alpha 65 which is what I have.  I went out and tried to download the newest raw version and even went out and did a zipfile download and it will not update my current version.  What should I do

  I have 6.0.  Tried to download newest verion and it will not download.  Went out and then downloaded a zipfile and it still will not download, thus cannot look at my raw pictures.
  Thanks, John
  m: gener7 
  Sent: Thursday, December 11, 2014 6:01 PM
  To: JOHN STAHLY
  Subject:  I have Adobe photoshop cs5. need to update camera raw, cause my camera raw is  2010and does not read my camera,  I went out and downloaded the new one and it does not link to adobe photoshop cs5
  I have Adobe photoshop cs5. need to update camera raw, cause my camera raw is  2010and does not read my camera,  I went out and downloaded the new one and it does not link to adobe photoshop cs5
  created by gener7 <https://forums.adobe.com/people/gener7>  in Photoshop General Discussion - View the full discussion <https://forums.adobe.com/message/7007148#7007148>

• I had put my 3G sim in one IPAD 2 for testing. After 2 days I put the sim in my own IPAD 2 , but it does not accept/read the sim. Kindly advise

  I had put my 3G sim in one IPAD 2 for testing. After 2 days I put the sim in my own IPAD 2 , but it does not accept/read the sim. Kindly advise ???

  Hello Murali19,
  I would recommend following through the article linked below for some useful troubleshooting steps that may help get Personal Hotspot enabled with the desired SIM card.
  iOS: Troubleshooting Personal Hotspot
  http://support.apple.com/kb/TS2756
  Cheers,
  Allen

• I am looking into Buying Retail a New Blackberry Q10. Doing this to avoid having to Give up my old Data Plan. Have read that when you activate a new Phone it forces you to pick a new Plan. Is this True? and How to I avoid this? 20 Year Verizon Client

  I am looking into Buying Retail a New Blackberry Q10. Doing this to avoid having to Give up my old Data Plan. Have read that when you activate a new Phone it forces you to pick a new Plan. Is this True? and How to I avoid this? Any other advise in this matter would be greatly appreciated.
  20 Year Plus Verizon Client

  The only "unlimited" plan I can think of where this would not apply is the old Connect plan for multimedia/basic phones.  That unlimited data, on devices such as the LG Voyager, EnvTouch, and other "multimedia" devices is  not the same.
  If you currently have an individual $29.99 unlimited data plan with a 3G Smartphone, then you can buy a BBQ10 retail and activate it with the same data plan and keep the unlimited.

• Zero-day exploit patch for Reader 9?

  Any word on the zero-day exploit patch for Reader 9?

  Yes, Claudio, thanks for the reply.  I may be a little overly anxious in asking because, while I realize the patch is expected sometime this week, I have grown accustomed to Tuesday releases.  Meanwhile our security team wants us to patch this exploit ASAP.  I was just wondering if there were any updates on the expected release other than "this week."