A new version of the download manager for Adobe Reader is live. This new version resolves the Moderate local privilege escalation issue discussed in an Adobe PSIRT blog post on July 22.
No action is required for users downloading Adobe Reader from http://get.adobe.com/reader/. Users who previously downloaded Adobe Reader for Windows from http://get.adobe.com/reader/ can verify they are not vulnerable to this download manager issue by checking the following:
- Ensure that the C:\Program Files\NOS folder and its contents are not present on your system.
- Click “Start” > “Run” and type “services.msc”. Ensure that “getPlus(R) Helper” from the list of services.
If the NOS files are found, the download manager issue can be mitigated by:
- Navigating to Start > Control Panel > Add or Remove Programs > Adobe Download Manager, and selecting Remove to remove the Adobe Download Manager from your system.
- Deleting the C:\Program Files\NOS\ folder and its contents.
Note: As mentioned in a late July Adobe Security Bulletin and PSIRT blog post, we want to remind users Adobe is planning its next quarterly security update for Adobe Reader and Acrobat for Tuesday, October 13.
This posting is provided “AS IS” with no warranties and confers no rights.