Legit Reviews

ST. PAUL, Minn. --(Business Wire)-- Nov 06, 2008 Shavlik Technologies, LLC, the market leader in delivering software solutions that rapidly accelerate and continuously improve security and compliance readiness, today commented on the new exploitable bugs in the recently released Adobe Reader 8.1.3. Shavlik reports that the company’s NetChk Protect customers are protected from these malicious security threats, but for those organizations that rely on patch management solutions limited to Microsoft only applications, there will be some pain.

“The threat landscape continues to broaden, and organizations can no longer assume that the biggest risk is to their Microsoft applications, and non-Microsoft applications can be handled as the threats emerge. Adobe Reader is an application that resides on most user desktops,” said Chris Schwartzbauer, VP Worldwide Field Operations, Shavlik Technologies. “For Shavlik customers, this threat is a non-event, because our software provides them with a way to simplify and automate the full patch cycle for all Microsoft applications AND hundreds of non-Microsoft applications residing on their high value server and desktop assets. Our solutions reduce the risk to our customers’ networks and actually allow them to demonstrate a clear financial return as a result of eliminating hours of manual effort.”

This week, Adobe released a new version of Reader 8.1.3 that fixes several exploitable bugs in 8.1.2 and prior versions of this popular Reader software. Exploit code on this reader was posted to the milw0rm.com site and is fully functional.

Sites relying on Microsoft’s patch solutions that employ the Windows Update set of APIs, such as WSUS, SMS, SCCM and others, are not protected against these exploitable bugs and may not even know it.

The threats include two payloads that can be easily activated. The first (default) payload launches an executable file called calc.exe for testing purposes. The second payload creates a bind shell for remote access. These payloads can be modified very easily to any arbitrary payload with very little skill required. These threats can impact thousands of legitimate Web sites and deliver previous Adobe exploits to an organization’s network via the “Drive By” hacking techniques.

Shavlik Provides “Any Patch, Anywhere” Protection

Shavlik reports that it’s NetChk Protect Any Patch, Any Where technology protects its customers from this serious security vulnerability. Shavlik continues to be the industry leader in response time and support of newly available vendor patches. In addition to a solution architecture that streamlines integration of in-the-box support for new patches, Shavlik NetChk Protect also provides custom patch editor with a wizard-like interface for creating and maintaining custom patches. Combined with the Dynamic Product Detection capabilities in the NetChk Protect scan engine, customers can patch virtually any Windows application on their network.

A true enterprise solution, Shavlik NetChk Protect uses Active Vulnerability Management to simplify IT operations to maintain secure, policy-compliant networks through automatic and continuous Assessment, Remediation and Management.

About Shavlik Technologies

Shavlik Technologies, LLC delivers enterprise IT organizations robust software solutions that rapidly accelerate and continuously improve security and compliance readiness by simplifying IT operations, and identifying and reliably closing system security gaps. Shavlik’s solutions provide Rapid Readiness so IT organizations realize continuous security and compliance readiness in a fraction of the time, cost and IT resources required by alternative approaches.

With more than 10,000 customers worldwide, Shavlik enables enterprises to simplify complex IT security and compliance management, providing trustworthy solutions that free up critical IT resources to focus on innovations that drive business growth while lowering costs. Shavlik also licenses its technology to more than 20 leading security and technology companies such as BMC, Juniper, Sophos, Symantec and VMware. For more information, visit Shavlik Technologies at www.shavlik.com.

Shavlik Technologies is a registered trademark in the United States and certain other countries, of Shavlik Technologies. Additional Shavlik product names are either registered trademarks or trademarks of Shavlik Technologies. All other trademarks mentioned in this document are the property of their respective owners.