[German]In early November 2020, Adobe released a major security update for Adobe Acrobat/Adobe Reader DC. However, there are problems on SAP systems because displaying PDF documents in SAP software leads to long loading times or crashes. Addendum: Group Policy to disable the Protected Mode specified – so it works again.
This application able to patch Photoshop CC 2020, After Effects, Premiere Pro, Adobe Indesign CC 2020 for. Adobe Lightroom CC 2020 Full İndir (Windows). Acrobat Pro 2020. For Mac OS (v10.14 and above) Download (688 MB, Multilingual zip file installer.) Download (661 MB, Multilingual installer.) For Mac OS (v 10.13) Download (660 MB, Multilingual installer.).
Shortly after the publication of the article Adobe Reader/Acrobat: Important security update available (Nov. 3, 2020) I was asked about the problem on Twitter. German reader Phillip Scheerer asked:
Are you aware of any problems? We receive complaints about problems with displaying PDFs in SAP (long load time/crash SAP). After a RollBack, everything is immediately fine again.
I then asked for more details, which Phillip has now provided (thanks for that).
In the Adobe community there is this article, which addresses issues with the Adobe Reader DC 2020.013.20064 under SAP:
Adobe Reader DC 2020.013.20064 – error 103:103
Hi,
Since last adobe security patch when an app tries to open a pdf embedded into the own application (SAP) an error (103:103) is launched and no pdf is viewed.
We are running Windows 10 Version 10.0.19042 Build 19042 along with Adobe Acrobat Reader DC Version 2020.013.20064. Protected Mode in Adobe is disabled.
Does anyone know a solution for this?
The SAPGUI crashes (see following screenshot) and the Windows Event Viewer contains entries for crashes of SAPLOGON.exe
Here is an extract of the crash report that is displayed. There is an access violation in the AcroPDFImpl.dll file
Faulting application name: saplogon.exe, version: 7600.1.2.1156, time stamp: 0x5d3e2ccb
Faulting module name: AcroPDFImpl.dll_unloaded, version: 20.13.20064.12623, time stamp: 0x5f91f8a9
Exception code: 0xc0000005
Fault offset: 0x000447ab
Faulting process id: 0x1c2c
Faulting application start time: 0x01d6b8fd018817a2
Faulting application path: C:Program Files (x86)SAPFrontEndSAPguisaplogon.exe
Faulting module path: AcroPDFImpl.dll
Report Id: 3315dad4-6e9f-4d83-ba5a-3c1f852af351
Faulting package full name:
Faulting package-relative application ID:
The problem is confirmed by several users. Another Thead Adobe reader not printing from embedded print preview SAP in the Adobe forum also addresses the problem. There is a hint to switch off the Protected Mode in Adobe Reader DC for testing purposes:
Please try to turn off the protected mode for testing (Windows only) and see if that helps. Go to Edit > Preferences > Enhanced Security > Uncheck ‘Enable Protected mode at start up’ , turn off the protected mode and uncheck Enhanced Security > Click OK and reboot the computer.
Note: Turning off the security may possess security risks, please turn on the security after testing.
The user in question confirms that printing will then work, albeit more slowly. However, switching off Protected Mode reduces security. The error is also addressed here. The Adobe Reader DC 2020.013.20048 works against it. This concerns SAPGUI 7.40 to 7.60.
Workaround via Group Policy
Addendum: Phillipp Scheerer told me on Twitter that the IT department had to switch off the ‘protected mode’ for compatibility reasons. For this purpose there is a group policy, which is stored in the following key:
HKLMSWPoliciesAdobeAcrobat ReaderDCFeatureLockDown
Change the 32-bit DWORD registry entry bProtectedMode = 0 to 1 Then the PDF loads as expected.
Advertising
On this August 2020 Patch Tuesday:
- Microsoft has plugged 120 flaws, two of which are being exploited in attacks in the wild
- Adobe has delivered security updates for Adobe Acrobat, Reader and Lightroom
- Apple has released updates for iCloud on Windows
- Google has updated Chrome with security fixes
Adobe Patcher 2020 Windows
Microsoft’s updates
Microsoft has released patched for 120 CVEs, 17 of which are critical and the rest important. One (CVE-2020-1464) is publicly known and being actively exploited, and another one (CVE-2020-1380) is also under attack.
CVE-2020-1464 allows an attacker to bypass security features intended to prevent improperly signed files from being loaded, and affects all supported versions of Windows, so patching it should definitely be a priority.
“CVE-2020-1464 is proof that security organizations should not be making their patching decisions solely off the CVSS score and severity rating and instead should be approaching all the security vulnerabilities as a gap in their attack surface, welcoming any malicious player into their network,” noted Richard Melick, Senior Technical Product Manager, Automox.
Adobe Cc 2020 Patch Windows 10
“Coming in only at a CVSS of 5.3, this spoofing vulnerability has been reported exploited in both legacy and newer versions of Windows and Windows Server, which is more worrisome as 25% of connected Windows devices are still running Windows 7.”
CVE-2020-1380 is a bug in Internet Explorer’s scripting engine and allow code execution on a system running a vulnerable version of the browser.
“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked ‘safe for initialization’ in an application or Microsoft Office document that hosts the IE rendering engine,” Microsoft explained.
“The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.”
This flaw is also under active attack, so IE users should be protected against it as soon as possible
Adobe Creative Cloud Patch 2020 Windows
Trend Micro Zero Day Initiative’s Dustin Childs also singled out CVE-2020-1472, a NetLogon Elevation of Privilege Vulnerability, as very important to patch quickly.
Adobe Illustrator 2020 Patch Windows
“A vulnerability in the Netlogon Remote Protocol (MS-NRPC) could allow attackers to run their applications on a device on the network. An unauthenticated attacker would use MS-NRPC to connect to a Domain Controller (DC) to obtain administrative access,” he explained, but noted that fixing it entirely will be a problem.
“[The patch released today] enables the DCs to protect devices, but a second patch currently slated for Q1 2021 enforces secure Remote Procedure Call (RPC) with Netlogon to fully address this bug. After applying this patch, you’ll still need to make changes to your DC. Microsoft published guidelines to help administrators choose the correct settings.”
“There are many non-Windows device implementations of the Netlogon Remote Protocol (also called MS-NRPC). To ensure that vendors of non-compliant implementations can provide customers with updates, a second release that is planned for Q1 2021 will enforce protection for all domain-joined devices,” Microsoft has added.
Other critical vulnerabilities have been fixed in the .NET Framework, Media Foundation, Microsoft Edge, the Windows Codecs Library, the MSHTML Engine, the Scripting Engine, Windows Media, and Outlook.
The provided Outlook updates should also be quickly implemented, as they fix two vulnerabilities – a RCE and information disclosure bug – that could be triggered from the Preview Pane.
As announced last week, Microsoft has also delivered today a fix for CVE-2020-1337, a privilege escalation vulnerability in the Windows Print Spooler service, which affects all the Windows releases from Windows 7 to Windows 10 (32 and 64-bit). The researchers who unearthed it have promised to publish a PoC exploit this week.
Adobe’s updates
Adobe has released security updates for various versions of Adobe Acrobat and Reader for Windows and macOS, and Adobe Lightroom for Windows.
The former are more important, as they fix 11 critical vulnerability that could lead to code execution and allow attackers to bypass of a security feature, and 15 additional high-risk bugs.
Acrobat and Reader are also more widely used than Adobe Lightroom, which is a family of image organization and image manipulation software. The update for Lightroom fixes one privilege escalation flaw.
None of the fixed vulnerabilities are being actively exploited and there are no public exploits available, but the Zero Day Initiative announced it will tweet the proof-of-concept demonstration for CVE-2020-9697, a memory leak bug in Acrobat and Reader, tomorrow.
If you’re still using Adobe Flash, consider the fact that it reaches end-of-life at the end of the year and plan accordingly.
Apple’s updates
As predicted, Apple chose this Patch Tuesday to release security updates for iCloud for Windows 7.20 (for Windows 7 and later) and 11.3 (for Windows 10 and later).
The two updates deliver fixes for (mostly) the same vulnerabilities:
- A dozen of flaws in the Image I/O programming interface framework, all of which may allow attackers to achieve arbitrary code execution if the user opes a maliciously crafted image or PDF file
- A variety of flaws affecting the WebKit browser engine, the WebKit Web Inspector debugging tool and the WebKit Page Loading implementation. Some may be exploited to execute code, some to bypass Pointer Authentication or prevent Content Security Policy from being enforced, some to conceal the destination of a URL, and some to inject code.
Google’s updates
Google has not yet promoted Chrome 85 from the beta channel, but has released Chrome 84.0.4147.125 for Windows, Mac, and Linux.
No critical vulnerabilities have been fixed, but plenty of high- and medium-risk ones have.