Adobe has released security updates for Adobe Acrobat and Reader for Windows to resolve an important vulnerability. Successful exploitation could lead to an inadvertent leak of the user's hashed NTLM password. Proof-of-concept code for CVE-2018-15979 is publicly available.
Release date: November 13, 2018
Vulnerability identifier: APSB18-40
Platform: Windows
Update or Complete Download:
Reader DC and Acrobat DC were updated to version 2019.008.20081. Update checks can be manually activated by choosing Help & Check for Updates.
- Reader DC and other versions are available here: https://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
- Acrobat DC for Windows is available here: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.
Security Bulletin (https://helpx.adobe.com/security/products/acrobat/apsb18-40.html)