Vista users safe from PDF exploit present in Windows XP

Windows XP users have to bite the bullet of yet another unpatched flaw present in Windows XP and Server 2003 with Internet Explorer 7 installed.

Adobe Reader and Acrobat are being used as attack vectors to spread malware to unpatched systems.  Microsoft is being quite clear that third party patches are not going to fix this bug because the vulnerability lies in the ShellExecute function.

ZDnet says the PDF attacks use a combination of Trojan downloaders and rootkits to steal data from an infected computer.

What was once a simply “active” but “limited” exploit is now being massively spammed according to a report from F-Secure.

Microsoft says it is monitoring the situation and a patch is on schedule for a November 13 release (with the normal patch cycle) but if it becomes a real problem, the patch could always be released ahead of schedule.

If it helps at all, it does not appear that Windows Vista is vulnerable to this attack, so maybe it’s time to consider upgrading?

• Security firms warn of zero-day Vista and IE7 exploit
• Google fixes Chinese language software tool, now safe for Windows Vista users
• Dangerous exploit looms in Windows Vista Mail
• Windows Vista requires more patches than XP
• PowerPoint users warned over security flaw