Check: ARDC-CL-000015
Adobe Acrobat Reader DC Classic Track STIG:
ARDC-CL-000015
(in versions v2 r1 through v1 r1)
Title
Adobe Reader DC must enable Protected Mode. (Cat II impact)
Discussion
A threat to users of Adobe Reader DC is opening a PDF file that contains malicious executable content. Protected mode provides a sandbox capability that prevents malicious PDF files from launching arbitrary executable files, writing to system directories or the Windows registry. This isolation of the PDFs reduces the risk of security breaches in areas outside the sandbox. Satisfies: SRG-APP-000112, SRG-APP-000206, SRG-APP-000207, SRG-APP-000209, SRG-APP-000210
Check Content
Verify the following registry configuration: Utilizing the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Acrobat Reader\2015\FeatureLockDown Value Name: bProtectedMode Type: REG_DWORD Value: 1 If the value for bProtectedMode is not set to “1” and Type configured to REG_DWORD or does not exist, then this is a finding.
Fix Text
Configure the following registry value: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Acrobat Reader\2015\FeatureLockDown Value Name: bProtectedMode Type: REG_DWORD Value: 1
Additional Identifiers
Rule ID: SV-213143r557349_rule
Vulnerability ID: V-213143
Group Title: SRG-APP-000112
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001166 |
The information system identifies organization-defined unacceptable mobile code. |
CCI-001169 |
The information system prevents the download of organization-defined unacceptable mobile code. |
CCI-001170 |
The information system prevents the automatic execution of mobile code in organization-defined software applications. |
CCI-001662 |
The information system takes organization-defined corrective action when organization-defined unacceptable mobile code is identified. |
CCI-001695 |
The information system prevents the execution of organization-defined unacceptable mobile code. |