====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN149
_____________________________________________________________________

DATE                : 20/03/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Adobe Genuine Integrity Service
                                 versions prior to 6.6.

=====================================================================
https://helpx.adobe.com/security/products/integrity_service/apsb20-12.html
_____________________________________________________________________

Security Updates Available for Adobe Genuine Integrity Service | APSB20-12

Bulletin ID 	Date Published 	Priority
APSB20-12 	March 17, 2020 	3


Summary

Adobe has released updates for the Adobe Genuine Integrity Service for
Windows. This update resolves an important vulnerability which could
lead to privilege escalation in the context of the current user.


Affected Versions

Product 	Version 	Platform
Adobe Genuine Integrity Service     Version 6.4 and earlier versions  
Windows

Note:

To verify the version of Adobe Genuine Integrity Service installed on
your system, please follow the following steps:

    For Windows machines, navigate to C:\Program Files (x86)\Common
Files\Adobe\AdobeGCClient
    Right click on AdobeGCClient.exe, select “Properties”.
    Go to “Details” tab, the File Version can be seen within.


Solution

Adobe categorizes these updates with the following priority ratings.

Product 	Version 	Platform 	Priority Rating

Adobe Genuine Integrity Service       	6.6 	Windows 	3

Note:

Adobe Genuine Integrity Service has a self-update mechanism that runs
automatically at a regular interval when the host is connected to the
internet.  For more details regarding Adobe Genuine Integrity Service,
please visit here.


Vulnerability details

Vulnerability Category 	Vulnerability Impact 	Severity 	CVE Numbers

Insecure file permissions	Privilege Escalation	Important 	CVE-2020-3766


Acknowledgments

Adobe would like to thank the following individuals and organizations
for reporting the relevant issues and for working with Adobe to help
protect our customers:  

    Andrew Hess (any1)
    Glenn Lloyd working with Trend Micro Zero Day Initiative


=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================