Check: ADBP-XI-005000
Adobe Acrobat Pro XI STIG:
ADBP-XI-005000
(in version v1 r2)
Title
An unsupported Adobe Acrobat Pro version must not be installed. (Cat I impact)
Discussion
Failure to install the most current Adobe Acrobat Pro version leaves a system vulnerable to exploitation. Current versions correct known security and system vulnerabilities. If the Adobe Acrobat Pro installation is not at the most current version and patch level, this is a Category 1 finding since new vulnerabilities will not be patched. Adobe Acrobat Pro XI is End of Life. Reference the following URL: http://www.adobe.com/support/products/enterprise/eol/. Click on "Adobe enterprise products and technical support periods".
Check Content
For Windows systems: Select Settings >> System >> Apps and Features For UNIX/Linux systems: Utilize the relevant UNIX/Linux OS commands to identify installed software. If Adobe Acrobat XI Pro is installed, review security plan documentation for risk acceptance of temporary operation while Acrobat XI Pro is in the process of being replaced or upgraded. If Adobe Acrobat XI Pro is installed on the system with no documented risk acceptance, or if high-risk vulnerabilities associated with Acrobat XI Pro become known or publicized, this is a finding.
Fix Text
Upgrade to latest version of Adobe Acrobat or uninstall software.
Additional Identifiers
Rule ID: SV-93763r1_rule
Vulnerability ID: V-79057
Group Title: SRG-APP-000516
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002605 |
The organization installs security-relevant software updates within an organization-defined time period of the release of the updates. |
CCI-003376 |
The organization replaces information system components when support for the components is no longer available from the developer, vendor, or manufacturer. |