Details

A threat to users of Adobe Reader DC is opening a PDF file that contains malicious executable content.

Protected mode provides a sandbox capability that prevents malicious PDF files from launching arbitrary executable files, writing to system directories or the Windows registry.

This isolation of the PDFs reduces the risk of security breaches in areas outside the sandbox.

Satisfies: SRG-APP-000112, SRG-APP-000206, SRG-APP-000207, SRG-APP-000209, SRG-APP-000210

Solution

Configure the following registry value:

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: SoftwarePoliciesAdobeAcrobat Reader2015FeatureLockDown

Value Name: bProtectedMode
Type: REG_DWORD
Value: 1

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Adobe_Acrobat_Reader_DC_Classic_V2R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.

References

• 800-53|SC-18(1)
• 800-53|SC-18(3)
• 800-53|SC-18(4)
• CAT|II
• CCI|CCI-001166
• CCI|CCI-001169
• CCI|CCI-001170
• CCI|CCI-001662
• CCI|CCI-001695
• Rule-ID|SV-213143r557349_rule
• STIG-ID|ARDC-CL-000015
• STIG-Legacy|SV-80227
• STIG-Legacy|V-65737
• Vuln-ID|V-213143

Source

• Tenable.com/audits