Adobe Reader X
This post is a bit off-topic. Neither the Federal Desktop Core Configuration (FDCC) nor the US Government Configuration Baseline (USGCB) mandate specific settings for Adobe products, and it's a little unusual for a Microsoft blog to promote an Adobe product. However, this one is important.
Many of our customers make Adobe Reader part of their standard desktop image, or at least have it on the majority of their systems. Because of its ubiquity, Reader has become a major target for cybercriminals, with a scary increase in the number of exploited zero-day vulnerabilities over the last few years. When it’s Reader running on Windows that gets attacked (as it often is), our customers suffer.
Adobe has just released a major upgrade, Adobe Reader X, that should go a long way toward mitigating these attacks. Reader X incorporates a “Protected Mode” sandbox, not unlike the Protected Mode we implemented in Internet Explorer 7 and 8, in the Microsoft Office Isolated Conversion Environment (MOICE), and in Office 2010’s Protected View. Reader X’s Protected Mode should make it substantially harder to mount successful attacks against Windows computers via Adobe Reader. That’s good for our customers.
If you use Adobe Reader, you should begin evaluating Reader X right away.
This Adobe blog post announcing the release of Reader X includes links to additional information about its Protected Mode: http://blogs.adobe.com/asset/2010/11/adobe-reader-x-is-here.html