Adobe Reader DC must disable periodical uploading of Adobe certificates.

An XCCDF Rule

Description

<VulnDiscussion>By default, the user can update Adobe certificates from an Adobe server through the GUI. When uploading Adobe certificates is disabled, it prevents the automatic download and installation of certificates and disables and locks the end user's ability to upload those certificates.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-213191r400378_rule
Severity: Low
References: CCI-002470
Updated: about 1 year ago

Configure the following registry value:

Note: The Key Names "cDigSig" and "cAdobeDownload" are not created by default in the Adobe Reader DC install and must be created.

Registry Hive: HKEY_CURRENT_USER
Registry Path: \Software\Adobe\Acrobat Reader\DC\Security\cDigSig\cAdobeDownload
Value Name: bLoadSettingsFromURL 
Type: REG_DWORD
Value: 0

Adobe Reader DC must disable periodical uploading of Adobe certificates.

Description

Remediation - Manual Procedure