Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: Adobe January 2012 Black Tuesday overview - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Adobe January 2012 Black Tuesday overview

Adobe has released 1 bulletin today.

This updates Adobe products to the following versions:

  • Adobe Reader and Acrobat
    • 10.1.1 and previous
# Affected Known Exploits Adobe rating
APSB12-01 Multiple vulnerabilities in the adobe reader and adobe acrobat software allow privilege escalation (windows only) or random code execution.
Reader & Acrobat

Could allow for remote code execution. Update to 10.1.2 or 9.5. Critical

APSB11-30 and APSA11-04 were also updated.

Next scheduled Adobe security update is 10 April 2012.

Adrien de Beaupré

Adrien de Beaupre

353 Posts
ISC Handler
Jan 10th 2012

On reading the release docs, it appears version 8.3 isn't affected. Anyone else come to that conclusion? Are we finally doing better running and ancient version than the latest?
Looking at the revised bulletin, APSB 11-30, it appears that Linux users need an update also. Under "Affected Software":
Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh and Linux

Under "Solutions":
Adobe Reader 9.x users on Linux can find the appropriate update here:


5 Posts
Repete - Adobe end of life'd Acrobat 8.x, so there are no patches at all and there wasn't any mention of 8.x in the last security bulletin. Scary times.
After upgrading to 10.1.2 our machines (XP SP3) started duplex printing pdfs by default. After some digging, creating/changing this key fixes the problem:

[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\AVGeneral]

Maybe this will help someone else.
Joel B

8 Posts
Perhaps I've missed something, but it appears to me that it has now been 34 days since the 0-day was announced in Adobe Flash (see and there has yet to be even an acknowledgment from Adobe that they are working on the issue.

NOT iprintBookletDuplexMode
Sorry for the confusion.
Joel B

8 Posts
It's scheduled to be released two and three quarters days after you've finished patching all your Acrobat Reader installations.
Joel B
57 Posts

Sign Up for Free or Log In to start participating in the conversation!