Adobe, in their recent Security Advisory, has confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe plans to release an update to fix this vulnerability by January 12, 2010.
As one of the temporary solution, Adobe suggests its customers to disable JavaScript in Adobe Reader to mitigate the risk. Disabling JavaScript in Adobe Reader is very simple:
- Select Edit–>Preferences
- Select JavaScript category
- Uncheck “Enable Acrobat JavaScript” option and click OK
Now, imagine you have hundreds of computers in your network all running Adobe Reader version 9.x. How do you think you can disable JavaScript in all of them? You can use Desktop Central to disable JavaScript in all the computers.
Adobe Reader stores the user preferences in the Registry. You can make use of the Registry Configuration in Desktop Central and disable the JavaScript in multiple computers simultaneously.
- Open the Registry Settings Configuration for Users and specify a name for the configuration.
- In the Define Configuration, specify the following:
- Action: Write Value
- Header Key: HKEY_CURRENT_USER
- Sub-key: Software\Adobe\Acrobat Reader\x.0\JSPrefs (replace x.0 with the appropriate version. For example, 9.0)
- Data Type: REG_DWORD
- Value Name: bEnableJS
- Value Data: 0
- Add the target users and deploy the configuration.
It is advisable to test in few computers before rolling out the configuration to multiple computers.
It is also widely believed that atni-virus solutions are planning to release their definitions to mark the malacious PDF documents as viruses.
Cheers!