Adobe issued a fix on Tuesday for a critical vulnerability in its Download Manager program that could be used by an attacker to download malware onto a user’s PC.

People who downloaded Adobe Reader for Windows from Adobe’s Reader download site or Flash Player for Windows from Adobe’s Flash Player site prior to the release of the security bulletin on Tuesday are vulnerable, the company said.

The issue is resolved for any new downloads of Reader and Flash Player from those sites. Download Manager is a tool that helps users efficiently download files from web servers. It is used one time per session and is deleted when the computer is restarted. However, Adobe recommends users verify that a potentially vulnerable version of the Adobe Download Manager is no longer installed on their machine,” said the security bulletin.

Check to see if you’ve got a vulnerability by seeing whether the C:\Program Files\NOS\ folder and its contents (NOS files) are present on your computer. If they are, Adobe recommends running the ‘services.msc‘ prompt and making sure that ‘getPlus(R) Helper‘ is not in the list of services. If it is, it should be removed.

Source: ZDNet

Microsoft will issue one bulletin on Patch Tuesday next week that is rated ‘critical’ for Windows 2000.

The patch is designed to address a vulnerability that could allow an attacker to take control of a computer by remotely executing code on it, according to an advisory released on Thursday. It is rated ‘low’ severity for Windows 7, Vista, XP, Server 2003 and Server 2008 operating systems.

Meanwhile, Adobe is scheduled to release a patch for a vulnerability in Adobe Reader and Acrobat on Tuesday that was discovered in mid-December, which is being exploited by attacks in the wild to deliver Trojan horse programs that install backdoor access on computers.

Adobe will also be releasing a beta test version of a new automatic updater for Reader.

Source: ZDNet

Firefox was the application that had the most reported vulnerabilities this year, while holes in Adobe software more than tripled from a year ago, according to statistics compiled by Qualys, a vulnerability management provider.

Qualys tallied 102 vulnerabilities that were found in Firefox this year, up from 90 last year. The numbers are based on running totals in the National Vulnerability Database.

However, the high number of Firefox vulnerabilities does not necessarily mean the Web browser actually has the most bugs; it just means it has the most reported holes. Because the software is open source, all holes are publicly disclosed, whereas proprietary software makers, like Adobe and Microsoft, typically only publicly disclose holes that were found by researchers outside the company, and not ones discovered internally, Qualys Chief Technology Officer Wolfgang Kandek said late on Wednesday.

Meanwhile, Adobe took the second-place spot from Microsoft this year. The number of vulnerabilities in Adobe programs rose from 14 last year to 45 this year, while those in Microsoft software dropped from 44 to 41, according to Qualys. Internet Explorer, Windows Media Player and Microsoft Office together had 30 vulnerabilities.

Security experts are warning Adobe customers to be extra vigilant following the discovery of an attack that attempts to exploit a new zero-day vulnerability in Adobe’s Reader and Acrobat products.

In a blog posting late yesterday, Symantec’s Security Response team said it had received a “tip from a source” that there was a potential zero-day vulnerability in the wild affecting Reader and Acrobat.

“We have indeed confirmed the existence of a 0-day vulnerability in these products,” the posting continued. “The PDF file we discovered arrives as an email attachment. The attack attempts to lure email recipients into opening the attachment. When the file is opened, a malicious file is dropped and run on a fully patched system with either Adobe Reader or Acrobat installed. Symantec products detect the file as Trojan.Pidief.H.”

Adobe has since confirmed it has received and is investigating the “reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions”.

When firing up Dreamweaver, Fireworks, Photoshop and Bridge today (CS3 versions), to work on a new website, everything crashed after a few minutes with the message “AMT Subsystem Error -The licensing subsystem has failed catastrophically. You must reinstall or call customer support.”

None of the programs would open so I trawled the Adobe website for an answer and found a useful Tech Note which offers a number of work-a-rounds. This can be found at:

http://kb2.adobe.com/cps/402/kb402004.html

As it turned out I just rebooted our PC’s and all the CS3 suite programs opened up.

They have remained stable for the last few hours so the problem seems to be solved.