Milton Security Group

Tuesday, January 19, 2010: One month ago, the engineers at Milton Security Group LLC confirmed that the 0-day vulnerability for Adobe Reader and Acrobat was in the wild. Adobe has just released a security update to address this vulnerability:

http://www.adobe.com/support/security/advisories/apsa09-07.html

Depending solely on the client to install the security update to mitigate this exploit can still leave you and your network vulnerable. Implementing a network based security solution can ensure that your network remains operational and secure, regardless of the state of the client.

The MSG 7200 or Edgewall 7000 network security devices can provide visibility into clients who are connecting to the network. Network accessibility can be controlled depending on the status of the endpoint, preventing vulnerable machines from reaching critical network resources.

The Milton Security Group LLC Threat Detection team - MSGLabs - has suggested multiple ways to identify and block this threat using the MSG 7200, keeping your network operational and secure.

1. Threat Filter: upload the latest Threat Filter from MSGLabs and apply it to all existing Access Policies. This action will prevent an already infected machine from communicating out to known Command and Control hosts (as of Dec 16 at 13:00 Pacific).

2. Policy Scan - Adobe: download an updated policy scan for your managed systems below an MSG 7200 unit to check for the latest Adobe version. If the client does not possess the latest security update, provide remediation steps before allowing the client back on the network.

3. Policy Scan - DEP: download an updated policy scan for your managed systems below an MSG7200 unit that checks to see if DEP (Data Execution Prevention) is enabled.

For further details on how you can keep this vulnerability from being exploited on your network, contact Milton Security Support Group at support@miltonsecurity.com.