Microsoft has announced it recently shut down two zero-day exploits in Adobe Acrobat and Reader. In response, both Microsoft and Adobe have sent out combined patches to mitigate the problem. The company describes the find and solution as “an amazing result”.

It is arguable that Microsoft’s discovery of the pair of zero-day exploits came by chance. The company was analyzing a PDF sample of a potential exploit for a Windows kernel flaw. That PDF was sent by ESET senior malware researcher Anton Cherepanov.

While looking into that potential vulnerability, Microsoft stumbled upon two entirely different zero-day exploits. The first was a flaw in Adobe services, while the second affected older Microsoft platforms like Windows 7 and Windows Server 2008.

In response to the discovery, Microsoft and Adobe sent out relevant patches to shore up their services.

Discussing the Adobe vulnerabilities, Microsoft’s Windows Defender blog post states:

“The first exploit attacks the Adobe JavaScript engine to run shellcode in the context of that module. The second exploit, which does not affect modern platforms like Windows 10, allows the shellcode to escape Adobe Reader sandbox and run with elevated privileges from Windows kernel memory. ESET provided an analysis of the exploitation routines in the sample PDF.”

Amazing Result

The PDF sample including the exploits (and the potential Windows kernel problem) was found on VirusTotal. However, Microsoft says it has not observed any instances of the flaws being exploited in an attack.

Instead, the company explains the exploit was still being developed and was at a proof-of-concept stage. Because of this, Redmond insists finding and shutting down the flaws before an attack was an “amazing result of the great collaboration between ESET, Microsoft, and Adobe security researchers.”

via Microsoft Finds Zero-Day Adobe Flaw and Shuts it Down Before Attack – WinBuzzer
