(imported topic written by hanspjacobsen)
Has anyone found out how to create a fixlet to find out if Acrobat JavaScript is enabled?
http://www.adobe.com/support/security/advisories/apsa09-01.html
(imported comment written by hanspjacobsen)
I found out which registry setting the relevance has to check but can't figure out how to write the relevance. The Registry key is HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\x.0\JSPrefs DWORD "bEnableJS" to 0
http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090221 .
The problem is that x.0 represents the version of Acrobat Reader that is installed. How can I pull that information out and place it in a relevance?
(imported comment written by SystemAdmin)
Here's what I'd do... When writing your relevance you can use "of keys" to enumerate through any of the versions that are installed. So let's say you wanted to just determine if preferences weren't set at all.
Something like...
not exists key "JSPRefs" of keys of key "Software\Adobe\Acrobat Reader" of (detection of HKCU here)
Unless you want to target specific versions, where you'd make it something like...
not exists key "JSPRefs" of keys whose (name of it as version <= "9.0") of key "Software\Adobe\Acrobat Reader" of (detection of HKCU here)
Of course you would also need to add in the detection if the JSPrefs was present, but bEnableJS was missing or not set to 0. Then also the same for Adobe Acrobat as well.
-Paul
(imported comment written by hanspjacobsen)
Thanks for the reply. I'm really trying to understand this, but how can I get the variable in the registry, x, which is the version of Acrobat Reader? For 9 it would be 9.0 and 8 would be 8.0, etc.
(imported comment written by SystemAdmin)
Well for that you could use either the HKCU or HKLM key. I'll use HKLM here...
For just the name of the key, it would be...
name of key of key "HKLM\Software\Adobe\Acrobat Reader" of registry
Well if you wanted to extract the whole number to the left of the ".", you could do it like this...
preceding text of substring "." of name of key of key "HKLM\Software\Adobe\Acrobat Reader" of registry
Paul
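Added example, not part of the original thread and not BigFix content: the same checks Paul describes (enumerate the version subkeys, then flag a missing JSPrefs key, a missing bEnableJS value, or a value other than 0), written in PowerShell rather than relevance so it can be run by hand as the user being checked. The function name, the `Root` parameter and the "Adobe Acrobat" key name are assumptions for illustration.

```powershell
# Added example: audit the per-user Acrobat/Reader JavaScript preference.
# HKCU is per user, so run this in the session of the user being checked.
function Get-AcrobatJSState {
    param(
        # "Acrobat Reader" is the key from the thread; "Adobe Acrobat" is assumed for full Acrobat.
        [string[]]$Products = @('Acrobat Reader', 'Adobe Acrobat'),
        # Hypothetical parameter: point it at a loaded user hive instead of HKCU if needed.
        [string]$Root = 'HKCU:\Software\Adobe'
    )
    foreach ($product in $Products) {
        $productKey = Join-Path $Root $product
        if (-not (Test-Path -LiteralPath $productKey)) { continue }

        # Each installed version has its own subkey (8.0, 9.0, ...): the "x.0" in the question.
        foreach ($versionKey in Get-ChildItem -LiteralPath $productKey) {
            $version = $versionKey.PSChildName
            if ($version -notmatch '^\d+\.\d+$') { continue }   # skip non-version subkeys

            $jsPrefs = Join-Path $versionKey.PSPath 'JSPrefs'
            $value   = $null
            $state   = 'JSPrefsKeyMissing'
            if (Test-Path -LiteralPath $jsPrefs) {
                $value = (Get-ItemProperty -LiteralPath $jsPrefs -Name 'bEnableJS' `
                              -ErrorAction SilentlyContinue).bEnableJS
                if ($null -eq $value)  { $state = 'ValueMissing' }
                elseif ($value -eq 0)  { $state = 'Disabled' }
                else                   { $state = 'Enabled' }
            }
            # Only an explicit bEnableJS = 0 counts as compliant.
            [pscustomobject]@{
                Product   = $product
                Version   = $version
                State     = $state
                bEnableJS = $value
                Compliant = ($state -eq 'Disabled')
            }
        }
    }
}

Get-AcrobatJSState | Format-Table -AutoSize
```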
(imported comment written by hanspjacobsen)
Thanks for the help.
(imported comment written by Richard_Betts)
Here are three Fixlets to identify and remediate the issue for;
These are provided "as is" and should be tested in your own environment as you would with any custom content.
"Adobe Warns of Critical Vulnerability In Acrobat, Reader"
Rename the attachment to .bes and then import via the console.
o The Acrobat setting is per user, so this will ensure that when different users log on, their settings will get applied.
o Note that the default action expires in 2 days, so do extend longer as you see fit.
o Also it is possible that an end-user might use the software and re-enable JavaScript. The policy will ensure that the JavaScript setting gets disabled again.
(imported comment written by SystemAdmin)
Richard- Thank you for the offer, but I don't see any fixlets to download.
(imported comment written by Richard_Betts)
Attachment is at bottom of post.
(imported comment written by SystemAdmin)
Wow okay, I feel like a moron, but seriously I cannot find your attachment. I've looked in IE, Safari and Firefox, logged in and not, from multiple machines, but there is no attachment. I must be doing something wrong...
Here's screenshots... would someone please show me where I should be looking?
(imported comment written by Jim_Hansen91)
Hi Skip,
If you would like to send me an email directly, I'll send them to you. My email is jim_hansen@bigfix.com.
Regards,
Jim
(imported comment written by BenKus)
Hey Skip,
Check again... I moved your forum user group and hopefully you can see it now...
Ben
(imported comment written by SystemAdmin)
Ben Kus
Hey Skip,
Check again... I moved your forum user group and hopefully you can see it now...
Ben
Yes! I can see it now... thanks for fixing my account!