News

EMET Wards Off Adobe Exploits, Microsoft Says

Microsoft is heralding its newly released Enhanced Mitigation Experience Toolkit (EMET) 2.0 as a fail-safe against hacker incursion methods.

The company even suggested in this blog post late last week that EMET could help stave off recent attacks associated with Adobe Systems Inc.'s software, specifically Adobe Reader and Adobe Acrobat running on Windows systems. Adobe has issued a security advisory (APSA10-02) regarding a new "critical" vulnerability in Adobe Reader 9.3.4 (and earlier versions) on Windows, Macintosh and Unix. The security advisory also covers Adobe Acrobat 9.3.4 (and earlier versions) on Windows and Macintosh.

The exploit apparently uses a hacker code-writing approach called Return Oriented Programming. This technique is used to bypass the Data Execution Prevention protection feature in Windows.

The good news, wrote Fermin Serna and Andrew Roths (two engineers with the Microsoft Security Response Center), is that if users have EMET enabled, the flaws in Adobe's Reader and Acrobat software can be headed off at the pass. Normally, Address Space Layout Randomization (ASLR) would help prevent such exploits. However, Adobe products are shipped with a Dynamic Link Library (DLL) configuration that doesn't have ASLR enabled, Microsoft's security engineers explained.

Adobe this week announced they will be releasing a patch for this security flaw during the week of Oct. 4, 2010. The release will be in advance of Adobe's regular quarterly patch schedule to meet the threat.

"This security bulletin will address a vulnerability affecting Adobe Reader and Acrobat that is currently being exploited in the wild," explained Jason Miller, data and security team manager at Shavlik Technologies.

Additionally, Adobe this week announced a new security advisory (APSA10-03) describing the same critical vulnerability in Adobe Flash Player. This vulnerability is being "exploited in the wild," according to Adobe. The advisory applies to Adobe Flash Player 10.1.82.76 (and earlier versions) for Windows, Linux, Macintosh and Solaris. It also applies to Adobe Flash Player 10.1.92.10 76 (and earlier versions) for Android. The patch is expected to be available during the week of Sept. 27.

As for the Microsoft EMET solution, it's important to note that the workarounds described by Microsoft's Serna and Roths only work on Windows 7, Vista and Windows Server 2008.

As for protecting against the Acrobat/Reader exploit on Windows XP and Server 2003, EMET's export address table access filtering mitigation also works, if nominally, to remediate the issue through the Windows Kernel32.DLL's export address table.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

comments powered by Disqus

Featured

  • Mastering Blazor Authentication and Authorization

    At the Visual Studio Live! @ Microsoft HQ developer conference set for August, Rockford Lhotka will explain the ins and outs of authentication across Blazor Server, WebAssembly, and .NET MAUI Hybrid apps, and show how to use identity and claims to customize application behavior through fine-grained authorization.

  • Linear Support Vector Regression from Scratch Using C# with Evolutionary Training

    Dr. James McCaffrey from Microsoft Research presents a complete end-to-end demonstration of the linear support vector regression (linear SVR) technique, where the goal is to predict a single numeric value. A linear SVR model uses an unusual error/loss function and cannot be trained using standard simple techniques, and so evolutionary optimization training is used.

  • Low-Code Report Says AI Will Enhance, Not Replace DIY Dev Tools

    Along with replacing software developers and possibly killing humanity, advanced AI is seen by many as a death knell for the do-it-yourself, low-code/no-code tooling industry, but a new report belies that notion.

  • Vibe Coding with Latest Visual Studio Preview

    Microsoft's latest Visual Studio preview facilitates "vibe coding," where developers mainly use GitHub Copilot AI to do all the programming in accordance with spoken or typed instructions.

  • Steve Sanderson Previews AI App Dev: Small Models, Agents and a Blazor Voice Assistant

    Blazor creator Steve Sanderson presented a keynote at the recent NDC London 2025 conference where he previewed the future of .NET application development with smaller AI models and autonomous agents, along with showcasing a new Blazor voice assistant project demonstrating cutting-edge functionality.

Subscribe on YouTube