Hackers target unpatched Adobe Reader, Acrobat flaw

Adobe Systems Inc. said Monday it is investigating reports that attackers are exploiting a previously unidentified security hole in its Acrobat and PDF Reader software to break into vulnerable computers.

The acknowledgment coincided with an alert published by the Shadowserver Foundation, a nonprofit group that tracks the spread of malicious programs that criminals use to control infected systems remotely. Shadowserver member Steven Adair said the flaw is present in the most recent versions of Adobe Acrobat and Reader.

Adair warned that security experts have observed cyber crooks using the vulnerability in targeted attacks since at least Dec. 11, but that more widespread attacks are likely to emerge over the next few weeks. In addition, few anti-virus vendors currently detect malicious PDF files harboring this exploit.

At the moment, there is no patch available for this flaw, and Adobe's brief advisory offers little in the way of mitigation advice.

However, Internet users can protect themselves from this attack in a couple of ways. First, this exploit doesn't work unless users have Javascript enabled in Adobe Acrobat/Reader.To disable Javascript, click "Edit," then "Preferences" and then "Javascript," and uncheck "Enable Acrobat Javascript."

As an alternative to Adobe, I generally recommend the free and lightweight Foxit Reader. But there are other free PDF readers, including Sumatra PDF and PDF-XChange Viewer.

http://voices.washingtonpost.com/securityfix/2009/12/hackers_target_unpatched_adobe.html?wprss=securityfix

Microsoft Patches 12 Office Security Holes

Microsoft today issued four updates to fix at least a dozen security vulnerabilities in its Office software products. All of the updates earned Microsoft's "critical" label, meaning attackers could exploit the flaws to break into Windows systems with little or no help from users.

Included in today's Patch Tuesday roundup are fixes for just about every Office suite or stand-alone product that Microsoft currently supports -- going back to Office 2000 and including Office for Mac software and various Office Viewer components.

One of the updates, which mends at least seven flaws in different Office titles, patches a security hole that hackers were exploiting as early as last week, according to reports from US-CERT and the SANS Internet Storm Center.

Interestingly, that patch and one other address security holes found in Office 2007, a product that underwent rigorous code review in an attempt to minimize the kinds of security weaknesses that were found to be pervasive in older versions of Office.
Office users can grab the latest patches from Microsoft Update. Office 2000 users, however, can only obtain them from Microsoft's Office Update. Office 2000 users may also need to have their Office installation CD handy in order to install these updates. [...]

Read more ...
Brian Krebs on Computer Security. The Washington Post Company.

Hackers prowl for Trend Micro vuln

Hackers have begun actively scanning for recently announced vulnerabilities in Trend Micro's ServerProtect product.

Security watchers at the Internet Storm Centre (ISC) have noted a huge upsurge of traffic on TCP port 5168, associated with security bugs in ServerProtect (an enterprise software product designed to protect servers and storage attacks).

Flaws in the application create a means for miscreants to load malware onto vulnerable systems. Fortunately, Trend Micro has published software updates designed to plug the security hole.

ServerProtect for Windows version 5.58 Build 1176 is known to be vulnerable, but other versions may also be flawed. Trend advises users to update to Build 1185.

Sys admins are advised to patch up vulnerable systems or run the risk of dealing with compromised machines. "It looks likes machines are getting owned with this vulnerability," ISC warned on Wednesday.

More information on the vulns can be found in advisories from security tools vendor ISS, which discovered the majority of the vulnerabilities, here and here. ®

Read more ...

The Register. Security. Enterprise Security.