Microsoft tool blocks attacks on Adobe Reader hole
On Friday, Microsoft published instructions on how to use the Enhanced Mitigation Experience Toolkit (EMET) to block the zero day hole in Acrobat Reader. Adobe has not yet published a patch itself, but recently added a link to Microsoft's instructions on its web site. Because of the lack of time, Adobe says it has not been able to test Microsoft's procedure fully, so recommends further testing in your own work environment.
Adobe has categorised the vulnerability as critical (CVE-2010-2883)
http://www.h-online.com/security/news/item/DLL-hole-now-affects-EXE-files-1076847.html
http://www.theregister.co.uk/2010/09/10/email_worm_spreading/
http://www.theregister.co.uk/2010/09/08/adobe_reader_0day/
Researchers have uncovered sophisticated attack code circulating on the net that exploits a critical vulnerability in the most recent version of Adobe Reader.
The click-and-get-hacked exploit spreads through email that contains a booby-trapped PDF file that remains virtually undetected by most anti-virus programs
http://www.kaspersky.com/news?id=207576178
Kaspersky Lab, a leading developer of secure content management solutions, announces that it has cooperated with Microsoft in successfully closing a serious vulnerability in Microsoft Windows.
The vulnerability was classified as being of the ‘zero-day’ type when it was detected, and has been used by the notorious Stuxnet worm. Worm.Win32.Stuxnet is remarkable in that it is basically an industrial espionage tool: it is designed to gain access to the Siemens WinCC operating system which is responsible for data collection and monitoring production.
http://www.microsoft.com/technet/security/bulletin/ms10-sep.mspx
Microsoft Security Bulletin Summary for September 2010