Wednesday, October 24, 2007

Security warning for users of Adobe Reader/Acrobat, XP and IE7

A new security threat has been discovered that affects users with the following installed:

  • Windows XP

  • Internet Explorer 7

  • Adobe Acrobat or Reader, v8.1 and earlier

Microsoft changed the way URIs (Uniform Resource Identifiers, a link of some sort) are handled in IE7. Due to this change there has been a security flaw discovered which could be transmitted through .pdf files.

Though this is not the first security alert regarding .pdfs, they have been (and still are) a preferred file type alternative to .doc (Word documents) for email attachments. PDFs retain their original formatting, and in most cases can not be edited by the recipient. Word documents (with the .doc file extension), have long been known to have the ability to transmit viruses and other threats, and should never be opened unless you know the sender.

PDFs are also more universally readable, by users of MACs and Linux, as well as Windows. There are also other PDF readers other than Adobe's Acrobat, which is known for being very bloated and slow to load. We recommend FoxIt PDF Reader, a very lightweight and free PDF reader.

Use common sense online, and apply basic security procedures that you follow in everyday life (lock your doors, be aware of your surroundings, don't take candy from strangers) to your dealings online:

  • Never open any email attachment from a stranger, or any attachment you aren't expecting

  • Be aware of security threats when alerts are issued

  • Update relevant software

For the full alert read: Technical Cyber Security Alert TA07-297B