  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1114

MASS Disabling of Javascript on Adobe Reader 9.2 on ALL workstations

Hey experts-
Need some help. Since yet another exploit has been released regarding Adobe, one of the mitigations was to disable JavaScript within Adobe Reader. My question is, how do you do this to 500+ workstations on the same domain??!? I've looked at Adobe's instructions, but it only applies to the single user!!

(see exploit info here: http://www.computerworld.com/s/article/9142326/Kill_JavaScript_in_Adobe_Reader_to_ward_off_zero_day_exploit_experts_urge?taxonomyId=18 )

The registry I've found that's supposed to disable it doesn't seem to work:
[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\JSPrefs]
"bEnableJS"=dword:00000000
(from http://www.experts-exchange.com/Web_Development/Document_Imaging/Adobe_Acrobat/Q_24164608.html)

I'm guessing it may have worked for previous versions, but not 9.2, which is what we've (unfortunately) been pushing out to all the machines..

I've also taken a look at blacklisting, but still really haven't figured out how to do that (or what to blacklist).
Looking the
Any help?!! I need to get this addressed immediately. Thanks!!
0
1 Solution
 
senad Commented:
mass extinction or mass disabling, that is the question .... :-)
I think you could write a script for this and run it from server to clients....
0
 
jahboite Commented:
Adobe have tools to help with "enterprise deployment" such as the Adobe Customization Wizard which you can get here:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=3993

It says you can "Customize key application preferences" so, hopefully, turning off JavaScript is there too.
0
 
Karl Heinz Kremer Commented:
You don't have to disable JavaScript as a whole, the blacklisting takes care of just the function that is used in the exploit.

The blacklist framework is discussed in this Adobe article: http://kb2.adobe.com/cps/532/cpsid_53237.html
You don't have to figure out what to blacklist - Adobe has done that for you. The download file contains a registry entry that disables the function that causes the current problem.


0
 
ThinkPaper (Author) Commented:
That's exactly what I need. Thanks!
0
 
jahboite Commented:
If it were me, I'd still disable javascript.  It's not widely used and, more importantly, more than one vulnerability in Reader over the last year was such that disabling javascript mitigated the threat.
0
 
Karl Heinz Kremer Commented:
It depends on what you do with PDF - JavaScript is used in quite a few forms and in other types of documents. And for that reason Adobe added the blacklisting framework: So that you can still use JavaScript, and only disable those functions that are vulnerable. The only thing I don't like about it is that you have to manually install it. Acrobat and Reader should offer to download the latest changes automatically.
0
 
jahboite Commented:
Yes, I suppose if one needs the JavaScript then disabling only the vulnerable funcs is perhaps the way to go. And I wholeheartedly agree that it would be great if Adobe products could auto-mitigate.  Better still would be for Adobe to produce better code in the first place...
0
 
ThinkPaper (Author) Commented:
After some digging, I found that disabling Javascript is probably not the most effective way to protect against the latest vulnerability.

While it may disable it, it does not prevent the user from going back and enabling it again.

Also found out that, if you disable Javascript, the user will be prompted EVERYTIME they open a document that uses Javascript and it will ask them whether they want to allow Javascript to run (just this once) or run all the time.

So in effect, even with disabling javascript you are still not quite protected, since users could enable it.  >__< So blacklisting seems to be the better way to go.
0
 
jahboite Commented:
I didn't realise that: "if you disable Javascript, the user will be prompted EVERYTIME they open a document that uses Javascript".  Does this happen even if the user is running under a limited account?

My personal preference has for a long time been to have javascript disabled because it prevents any reader exploit that uses heap sprays to increase the chance that the exploit will succeed (most exploits do this, but certainly there must be some that don't and that will succeed even with javascript disabled).
I've never been prompted to re-enable javascript, but I've obviously never tried to open a pdf that uses it.  It's amazing that adobe consider it necessary to prompt the user to re-enable javascript after it's been turned-off (it's on by default, so if it's off, it's been turned off - pay attention adobe).
0
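
Added example, not part of the thread: a PowerShell script that addresses the two points raised above, that the quoted setting is per-user and that users can switch JavaScript back on. It audits, and with -Enforce resets, the value for every user hive loaded on a workstation. The key path and value name are the ones quoted in the question (the thread does not confirm that Reader 9.2 honours them); the -Enforce switch and the output columns are assumptions of this example, and it is assumed to run with administrative rights.

```powershell
# Added example: audit (and optionally reset) the per-user Reader JavaScript
# preference for every user hive currently loaded under HKEY_USERS.
param([switch]$Enforce)   # hypothetical switch: write the value instead of only reporting

$subKey = 'Software\Adobe\Acrobat Reader\9.0\JSPrefs'   # path as quoted in the question
$name   = 'bEnableJS'                                    # 0 = JavaScript disabled

# HKEY_USERS has no default PowerShell drive, so use the provider-qualified path.
$root = 'Registry::HKEY_USERS'

$results = Get-ChildItem -Path $root |
    # Keep real account SIDs only; this skips .DEFAULT, service SIDs and *_Classes hives.
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object {
        $sid     = $_.PSChildName
        $path    = "$root\$sid\$subKey"
        $current = $null

        if (Test-Path -Path $path) {
            $current = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
        }

        # A missing value counts as non-compliant, because JavaScript is on by default.
        if ($Enforce -and $current -ne 0) {
            if (-not (Test-Path -Path $path)) { New-Item -Path $path -Force | Out-Null }
            New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
            $current = 0
        }

        [pscustomobject]@{
            Computer  = $env:COMPUTERNAME
            Sid       = $sid
            Value     = $current
            Compliant = ($current -eq 0)
        }
    }

$results | Format-Table -AutoSize

# A non-zero exit code lets a deployment or monitoring tool flag drifted machines.
if ($results | Where-Object { -not $_.Compliant }) { exit 1 } else { exit 0 }
```

Only hives of logged-on users are loaded under HKEY_USERS, so running the script on a schedule or at logon is what catches a user who has re-enabled JavaScript since the last pass.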
