Microsoft has announced it recently shut down two zero-day exploits in Adobe Acrobat and Reader. In response, both Microsoft and Adobe have sent out combined patches to mitigate the problem. The company describes the find and solution as “an amazing result”.
It is arguable that Microsoft's discovery of the pair of zero-day exploits came by chance. The company was analysing a PDF sample of a potential exploit for a Windows kernel flaw. That PDF was sent by ESET senior malware researcher Anton Cherepanov.
While looking into that potential vulnerability, Microsoft stumbled upon two entirely different zero-day exploits. The first was a flaw in Adobe services, while the second affected older Microsoft platforms like Windows 7 and Windows Server 2008.
In response to the discovery, Microsoft and Adobe sent out relevant patches to shore up their services:
- CVE-2018-4990 | Security updates available for Adobe Acrobat and Reader | APSB18-09
- CVE-2018-8120 | Win32k Elevation of Privilege Vulnerability
Discussing the Adobe vulnerabilities, Microsoft's Windows Defender blog post states:
The PDF sample including the exploits (and the potential Windows kernel problem) was found on VirusTotal. However, Microsoft says it has not observed any instances of the flaws being exploited in an attack.
Instead, the company explains the exploit was still being developed and was at a proof-of-concept stage. Because of this, Redmond insists finding and shutting down the flaws before an attack was an “amazing result of the great collaboration between ESET, Microsoft, and Adobe security researchers.”