Note:

May 14, 2018

A new update is available that provides mitigation for the vulnerabilities described in this page.

The update will be applied automatically. To manually update from Acrobat or Acrobat Reader, choose Help > Check for updates, and then follow the steps in the Updater window to download and install the latest updates.

For more information about the update, see the respective release notes:

 

Problem in Microsoft's NTLM authentication implementation affected Acrobat DC and Acrobat Reader DC

A problem in Microsoft’s NT LAN Manager (NTLM) authentication implementation affected Adobe Acrobat DC and Adobe Acrobat Reader DC allowing attackers to redirect a user to a malicious resource outside your organization to obtain the NTLM authentication messages.

Impact on Acrobat DC and Acrobat Reader DC, and mitigation

Microsoft issued an optional security enhancement late last year that provides customers with the
ability to disable NTLM SSO authentication as a method for public resources. With this fix, Adobe Acrobat DC and Adobe Acrobat Reader DC are not affected by the vulnerability.

However, the mitigation is only available for Windows 10 and Windows Server 2016.

On platforms where Microsoft’s update is not applied or available:

  • The vulnerability can be mitigated in Acrobat DC and Reader DC and for PDFs opened inside Internet Explorer by enabling the Protected View. For more information on how to enable the Protected View, see Protected View feature for PDFs (Windows).

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy