Microsoft acknowledges that they are to blame for the latest wave of PDF attacks. Since there is a public exploit which takes advantage of a Windows vulnerability through an Adobe Reader flaw, there has been an intense debate over who's to blame in this case. Adobe quickly acknowledged the flaw and issued a patch as described in the Security Bulletin no. APSB07-18:
Critical vulnerabilities have been identified in Adobe Reader and Acrobat that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. This issue only affects customers on Windows XP or Windows 2003 with Internet Explorer 7 installed. A malicious file must be loaded in Adobe Reader or Acrobat by the end user for an attacker to exploit these vulnerabilities. It is recommended that affected users update to Adobe Reader 8.1.1 or Acrobat 8.1.1.
On the other hand, Microsoft was forced to work around the clock to fix the root cause, which is the faulty implementation of the ShellExecute() API. However, I've never seen Microsoft go so far in acknowledging the faults in their software: Bill Sisk, a member of the Security Response Communications Team, writes on the Microsoft Security Response Center Blog (MSRC):
Third party applications are currently being used as the vector for attack and customers who have applied the security updates available from these vendors are currently protected. However, because the vulnerability mentioned in this advisory is in the Microsoft Windows ShellExecute function, these third party updates do not resolve the vulnerability – they just close an attack vector.
As part of our SSIRP process we currently have teams worldwide who are working around the clock to develop an update of appropriate quality for broad distribution. Because ShellExecute is a core part of Windows, our development and testing teams are taking extra care to minimize application compatibility issues.
To help protect yourself during the interim we continue to recommend that you should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources and/or visiting untrusted websites. This is absolutely one of the most effective ways to help protect yourself from a variety of threats on the Internet today.
According to security researchers, the infamous Russian Business Network (RBN), a collective of cybercriminals, is behind the PDF assault. When recipients open an attack PDF, a combination of Trojan Horses, downloaders and rootkits strike, knocking out the Windows firewall and installing code that captures all information entered into any SSL-secured form on a web page. That information is then transmitted back to RBN.
Anyway, update your Adobe client as soon as possible and DO NOT open unusual PDF attachments.