Administrators are advised to apply the appropriate updates.
Administrators may consider employing host-based intrusion prevention systems.
Administrators should instruct users to be cautious of unsolicited .pdf files that arrive via e-mail.
Users are advised to execute programs with the least necessary privileges.
Users are advised not to open files from untrusted sources. Users are advised to verify unexpected files from trusted sources before opening them.
Cisco Security Research and Operations has tested Cisco Security Agent to verify that it prevents the malicious actions initiated by active exploitation of the vulnerability. As a result, system compromise is mitigated. Based on the characteristics of the vulnerability, Cisco expects that Cisco Security Agent will prevent similar attempts at exploiting the vulnerability.
Administrators may consider disabling Adobe Acrobat Windows Shell integration and the Adobe Acrobat Indexing Service filter, which involves unregistering the associated DLLs. However, administrators should note that the Windows Installer MSI resiliency feature may repair these features when a user clicks an advertised shortcut for Adobe Reader via the Start menu. To avoid this scenario, users are advised to delete the Adobe Reader icon from the Windows Start Menu and re-create a normal, non-advertised shortcut.