Mitigation of NTLM dictionary attacks | Acrobat, Acrobat Reader
May 14, 2018
A new update is available that provides mitigation for the vulnerabilities described in this page.
The update will be applied automatically. To manually update from Acrobat or Acrobat Reader, choose Help > Check for updates, and then follow the steps in the Updater window to download and install the latest updates.
For more information about the update, see the respective release notes:
- Acrobat and Acrobat Reader Continuous Track release notes
- Acrobat 2017 and Acrobat Reader 2017 (Classic Track) release notes
- Acrobat and Acrobat Reader Classic Track (2015 Release) release notes
- Additionally, this release also provides an optional feature lockdown key to suppress PDF actions which result in opening a link. Details here.
Problem in Microsoft's NTLM authentication implementation affected Acrobat and Acrobat Reader
A problem in Microsoft’s NT LAN Manager (NTLM) authentication implementation affected Adobe Acrobat and Adobe Acrobat Reader allowing attackers to redirect a user to a malicious resource outside your organization to obtain the NTLM authentication messages.
Impact on Acrobat and Acrobat Reader, and mitigation
Microsoft issued an optional security enhancement late last year that provides customers with the
ability to disable NTLM SSO authentication as a method for public resources. With this fix, Adobe Acrobat and Adobe Acrobat Reader are not affected by the vulnerability.
However, the mitigation is only available for Windows 10 and Windows Server 2016.
On platforms where Microsoft’s update is not applied or available:
- The vulnerability can be mitigated in Acrobat and Reader and for PDFs opened inside Internet Explorer by enabling the Protected View. For more information on how to enable the Protected View, see Protected View feature for PDFs (Windows).