Friday, May 18, 2018

Once again... Be extra careful of email attachments and downloads. New attacks on Adobe software on Windows


I'd say that the newly reported vulnerabilities are particularly bad, but it's unfortunately not that unusual.  See article here: SC Media Magazine article: PDF exploit built to combine zero-day Windows and Adobe Reader bugs

Note that this month 47 vulnerabilities were patched.  If you use Adobe Reader, you absolutely must stay on top of software updates.

Adobe is continually fixing large numbers of vulnerabilities in their software.  This is a good thing as they are clearly trying to stay on top of it.  However, my recommendation is to avoid Adobe Reader if possible and use an alternate reader.  Edge works in Windows 10 and would be somewhat of an improvement over Adobe Reader, but I would recommend Foxit or really any lesser known reputable reader.  Until something else becomes more popular than Adobe, it will be targeted.  Malicious PDF attachments sent via email and malicious PDF downloads from websites are typically expecting to take advantage of Adobe software and it is apparently a target rich environment.

The steps below are the summary of a previous article and are most important. Please see them in more detail here: Keep Your PC Safe.  
  1. Change your DNS settings to use OpenDNS
  2. Install either Mozilla Firefox or Google Chrome and use it instead of Internet Explorer (Edge is ok but uBlock Origin by Gorhill is not available). 
  3. Install uBlock Origin and Web of Trust add-ons in both Chrome and Firefox.
  4. Use Windows 10 and it's built-in antivirus software.
  5. Make sure your software is up-to-date (Foxit and Java are two that need updating.  Uninstall Java if you don't need it).
  6. Uninstall Adobe Reader and install Foxit Reader instead.
  7. Make your Windows login a "standard" user instead of an administrator.

No comments: