There is a zero-day vulnerability in Adobe Reader that is already being exploited in the wild. This exploit allows bad-faith actors to run arbitrary code in the current user's context. This means that if the user has admin rights, the code will run with full admin rights. This is the kind of exploit that can be paired with other methods to cause some serious damage to your environment. That is the bad news. The good news is that the patch for this is already out.
Finding Machines that Need Patching
The latest build of Adobe Reader closes this exploit, so tracking which machines need it is very easy. In fact, PDQ Inventory has a prebuilt collection that will grab all of those machines for you. Open PDQ Inventory and go to the Adobe Reader DC (Old) collection and you are all done!
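For a single machine outside PDQ Inventory, the same "is this build older than the fixed one" check can be done by hand. The script below is an added example, not PDQ's own collection logic or code from the original post; it assumes the install is registered under the standard Windows uninstall registry keys with a DisplayName containing "Reader", and the fixed build number is a parameter you must supply from Adobe's bulletin because the post does not state it.

```powershell
# Added example: report Adobe Reader installs older than a required build.
param(
    # Fixed build from Adobe's security bulletin (not given in the post),
    # for example: -MinimumVersion '<fixed build number>'
    [Parameter(Mandatory)]
    [version]$MinimumVersion
)

# 64-bit and 32-bit (WOW6432Node) views of the per-machine uninstall keys.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumption: the product registers a DisplayName such as "Adobe Acrobat Reader DC".
$installs = Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Adobe*Reader*' }

foreach ($app in $installs) {
    $parsed = $null
    $parsedOk = [version]::TryParse([string]$app.DisplayVersion, [ref]$parsed)

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        DisplayName  = $app.DisplayName
        Version      = $app.DisplayVersion
        # Treat an unreadable version as needing attention rather than as safe.
        NeedsPatch   = (-not $parsedOk) -or ($parsed -lt $MinimumVersion)
    }
}
```

Running it again after the deployment confirms the patch landed: every row should show NeedsPatch as False.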
Patching Machines that Need It
Now that we know which machines might be in some trouble, let’s install the latest patch and get our environment as safe as it can be. The first step is to download the latest Adobe Reader DC package from the Package Library.
Now select your new package and click on Deploy Once. From here you can select every machine from the collection we just found.
Click Deploy Now and every machine that needs it will be patched and safe.
I hear you, though: sure, this was super easy, but can it be even easier? Why yes, it can! You can set these packages up to Auto Download and deploy on a schedule automatically. For those that have this set up, congratulations, you probably patched your machines while reading this blog (depending on how aggressive you have your schedule).
Zero-day exploits are never good, but luckily, with the right tools, you can get your environment patched quickly and easily, making these kinds of events low stress and low risk. Now pretend like you are busy trying to handle this issue so your boss truly appreciates all of your hard work.