Tuesday, February 23, 2010

Adobe Security Bulletin: UNINSTALL Adobe Download Manager

Well, Adobe has issued a bulletin telling everyone who has the Adobe Download Manager to UNINSTALL it and any related services.

Adobe - Security Bulletins: APSB10-08 Security update available for Adobe Download Manager
A critical vulnerability has been identified in the Adobe Download Manager. This vulnerability (CVE-2010-0189) could potentially allow an attacker to download and install unauthorized software onto a user's system.

Users, who have downloaded Adobe Reader for Windows from http://get.adobe.com/reader/ or Adobe Flash Player for Windows from http://get.adobe.com/flashplayer/ prior to the release of this Security Bulletin on February 23, 2010, can verify they are not vulnerable to this Adobe Download Manager issue by following the instructions in the Solution section below.

Affected software versions
Adobe Download Manager on Windows (prior to February 23, 2010)

Solution
Users, who have downloaded Adobe Reader for Windows from http://get.adobe.com/reader/ or Adobe Flash Player for Windows from http://get.adobe.com/flashplayer/ prior to the release of this Security Bulletin on February 23, 2010, can verify they are not vulnerable to this Adobe Download Manager issue by following the instructions below:
  • Ensure that the C:\Program Files\NOS\ folder and its contents ("NOS files") are not present on your system. (If the folder is present, follow the steps below to remove).
  • Click "Start" > "Run" and type "services.msc". Ensure that "getPlus(R) Helper" is not present in the list of services.


If the NOS files are found, the Adobe Download Manager issue can be mitigated by:
  • Navigating to Start > Control Panel > Add or Remove Programs > Adobe Download Manager, and selecting Remove to remove the Adobe Download Manager from your system.
OR
  • Clicking "Start" > "Run" and typing "services.msc". Then deleting "getPlus(R) Helper" from the list of services.
  • Then delete the C:\Program Files\NOS\ folder and its contents.


This issue is resolved as of February 23, 2010, and no action is required for future downloads of Adobe Reader from http://get.adobe.com/reader/ or Adobe Flash Player from http://get.adobe.com/flashplayer/.

Severity rating

Adobe categorizes this as a critical update. Users can remove potentially vulnerable installations of the Adobe Download Manager using the instructions in the Solution section above.

No comments: