Security Advisory: Critical Patches in Adobe and Microsoft Products

CyberHoot Vulnerability Alert Management Process (VAMP) Rating: Critical/Red
 
July 19th, 2022: CyberHoot has learned of multiple Microsoft and Adobe vulnerabilities that can allow for Remote Code Execution (RCE) on devices that run their products. Continue reading for the specific details on the Microsoft and Adobe products.
 

Microsoft Vulnerabilities

The Microsoft vulnerabilities are tracked under CVE-2022-22047; the most severe of them could allow for Remote Code Execution in the context of an already logged-on user. Depending on the privileges associated with the user, a hacker could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
 
The vulnerabilities affect multiple Microsoft products including, but not limited to, Azure, BitLocker, Skype, and Edge. For the entire list of the 40-50 specific Microsoft products affected, head to CISecurity’s advisory.
 

What Should You Do? 

CyberHoot recommends that the following actions be taken to secure your Microsoft software and company systems:

  • Install the updates provided by Microsoft immediately. It’s best to try and update anything Microsoft-related right away. 
  • Run all software as a non-privileged user (without administrative privileges) to reduce the effects of a successful attack.
  • Train users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
  • Apply the Principle of Least Privilege to all systems and services.

Adobe Vulnerabilities

Multiple vulnerabilities have been found in Adobe products, where the most severe can result in Remote Code Execution (RCE). Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. The affected Adobe products are listed below:

  • Adobe RoboHelp RH202.0.7 and earlier versions for Windows and macOS
  • Adobe Acrobat DC and Adobe Acrobat Reader DC 22.001.20142 and earlier versions for Windows and macOS
  • Adobe Acrobat 2020 and Acrobat Reader 2020 20.005.30334 and earlier versions for Windows
  • Adobe Acrobat 2020 and Acrobat Reader 2020 20.005.30331 and earlier versions for macOS
  • Adobe Acrobat 2017 and Acrobat Reader 2017 17.012.30229 and earlier versions for Windows
  • Adobe Acrobat 2017 and Acrobat Reader 2017 17.012.30227 and earlier versions for macOS
  • Adobe Character Animator 2021 4.4.7 and earlier versions for Windows and macOS
  • Adobe Character Animator 2022 22.4 and earlier versions for Windows and macOS
  • Adobe Photoshop 2021 22.5.7 and earlier versions for Windows and macOS
  • Adobe Photoshop 2022 23.3.2 and earlier versions for Windows and macOS
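
To check a software inventory against the list above, the following added example (not CyberHoot's or Adobe's code) compares installed versions with the "and earlier" thresholds, including the separate Windows and macOS thresholds for Acrobat 2020 and 2017. The family names, host names and inventory rows are constructed for illustration, and RoboHelp is left out because its version string above is not plain dotted numeric.

```python
# Added example. Thresholds are the "and earlier" versions from the list above.
# Key: (product family, platform); platform None = Windows and macOS alike.
# "Acrobat ..." families cover the matching Acrobat Reader track as well.
AFFECTED_MAX = {
    ("Acrobat DC", None): "22.001.20142",
    ("Acrobat 2020", "windows"): "20.005.30334",
    ("Acrobat 2020", "macos"): "20.005.30331",
    ("Acrobat 2017", "windows"): "17.012.30229",
    ("Acrobat 2017", "macos"): "17.012.30227",
    ("Character Animator 2021", None): "4.4.7",
    ("Character Animator 2022", None): "22.4",
    ("Photoshop 2021", None): "22.5.7",
    ("Photoshop 2022", None): "23.3.2",
}

def parse_version(text):
    """'20.005.30334' -> (20, 5, 30334): compare segments as numbers, not strings."""
    return tuple(int(part) for part in text.strip().split("."))

def status(family, platform, installed):
    """Return 'affected', 'not listed as affected', or 'unknown' (needs manual review)."""
    limit = AFFECTED_MAX.get((family, platform.lower())) or AFFECTED_MAX.get((family, None))
    if limit is None:
        return "unknown"  # product or track is not in the advisory table
    try:
        have, top = parse_version(installed), parse_version(limit)
    except ValueError:
        return "unknown"  # version string is not plain dotted numeric
    width = max(len(have), len(top))
    have += (0,) * (width - len(have))  # pad so 22.4 and 22.4.0 compare equal
    top += (0,) * (width - len(top))
    return "affected" if have <= top else "not listed as affected"

# Constructed sample inventory: (host, product family, platform, installed version).
SAMPLE_INVENTORY = [
    ("ws-014", "Acrobat DC", "Windows", "22.001.20142"),
    ("mac-022", "Acrobat 2020", "macOS", "20.005.30334"),
    ("ws-031", "Photoshop 2022", "Windows", "23.4"),
    ("mac-040", "Character Animator 2022", "macOS", "22.4.0"),
    ("ws-050", "Illustrator 2022", "Windows", "26.0"),
]

def triage(inventory):
    """Map each host to its status so 'affected' and 'unknown' rows can be followed up."""
    return {host: status(fam, plat, ver) for host, fam, plat, ver in inventory}

if __name__ == "__main__":
    for host, result in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {result}")
```

Rows reported as "unknown" are products or version strings the table cannot judge and should be checked by hand rather than treated as safe.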

What Should You Do?

CyberHoot recommends that the following actions be taken to secure your Adobe software and company systems:

  • Install the updates provided by Adobe immediately.
    • Go to your Adobe Creative Cloud app
      • Under Apps, Click Updates
      • Click Update All in top right corner
    • Go to any Adobe Application
      • Click the Help menu (top of your screen)
      • Click Updates
      • You will be prompted to update the software
  • Run all software as a non-privileged user (without administrative privileges) to reduce the effects of a successful attack.
  • Train users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
  • Apply the Principle of Least Privilege to all systems and services.

You have a Vulnerability Alert Management Process, right?

If you’re a subscriber to CyberHoot’s services, you’ll have access to our Policy and Process library which contains the vulnerability alert management process document. This document prescribes how to respond to situations like this and in what time frame. If your company has not yet adopted a VAMP-like process, now is a great time to get started.
