Security Updates Available for Adobe Genuine Integrity Service | APSB20-12
Bulletin ID Date Published Priority
APSB20-12 March 17, 2020 3

Summary

Adobe has released updates for the Adobe Genuine Integrity Service for Windows. This update resolves an important vulnerability which could lead to privilege escalation in the context of the current user.   

Affected Versions

Product Version Platform
Adobe Genuine Integrity Service
Version 6.4 and earlier versions   
Windows

Note:

To verify the version of Adobe Genuine Integrity Service installed on your system, please follow the following steps:

  • For Windows machines, navigate to C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient
  • Right click on AdobeGCClient.exe, select “Properties”.
  • Go to “Details” tab, the File Version can be seen within.

Solution

Adobe categorizes these updates with the following priority ratings.

Product Version Platform Priority Rating
Adobe Genuine Integrity Service      
6.6 Windows 3

Note:

Adobe Genuine Integrity Service has a self-update mechanism that runs automatically at a regular interval when the host is connected to the internet.  For more details regarding Adobe Genuine Integrity Service, please visit here.

Vulnerability details

Vulnerability Category Vulnerability Impact Severity CVE Numbers
Insecure file permissions
Privilege Escalation
Important CVE-2020-3766

Acknowledgments

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:   

  • Andrew Hess (any1)
  • Glenn Lloyd working with Trend Micro Zero Day Initiative