Participating Frequently
September 16, 2021
Answered

Sept Update 2021.007.20091 Bug with Protected View on all Documents.

  • September 16, 2021
  • 5 replies
  • 7440 views

On systems that have recently been upgraded to Adobe Reader DC 2021.007.20091, any PDF that is opened comes up with the following error message.

Adobe Acrobat Reader DC (32-bit) cannot open in protected view due to a problem with your system configuration. Would you like to open the file with protected view disabled?

If we choose option 1, the file will open, but after closing it and reopening it, the same error message comes back.
If we choose option 2, the file will not open at all.
If we choose option 3, the file will open, but after closing it and reopening it, the same error message comes back.
Disabling Protected View is obviously a very bad idea. We currently control these security settings via Group Policy. If we change iProtectedView from DWORD 2 to 1, we can get internal files to open normally, but PDFs with the downloaded-from-Internet flag obviously will still get the issue. However, again, setting iProtectedView to 1 or 0 is a very bad idea.

If we downgrade to 2021.005.20060 or lower, we no longer experience this issue. However, downgrading then opens us up to the recently published CVEs that 2021.007.20091 addresses.

This is breaking several hundred machines.
Please advise.

This topic has been closed for replies.
Correct answer Bilal Ansari

Update:

Microsoft confirmed that this is a known issue for the latest security updates, KB5005565 and KB5005566. They have created files for temporary mitigation workarounds for this issue while a permanent update is created. Please apply the appropriate Known Issue Rollback to your impacted systems and then deploy the policy as mentioned in https://docs.microsoft.com/en-us/troubleshoot/windows-client/group-policy/use-group-policy-to-deploy-known-issue-rollback#using-group-policy-to-apply-a-kir-to-a-single-device. Let us know if it does not work.

 

Windows 10, version 1903

https://download.microsoft.com/download/7/f/1/7f194890-eea9-4cad-b19f-25ab67e41bbe/Windows%2010%20(1903%20&%201909)%20Known%20Issue%20Rollback%20091721%2001.msi

Windows 10, version 1909

https://download.microsoft.com/download/7/f/1/7f194890-eea9-4cad-b19f-25ab67e41bbe/Windows%2010%20(1903%20&%201909)%20Known%20Issue%20Rollback%20091721%2001.msi

Windows 10, version 2004, Windows 10, version 20H2 and Windows 10, version 21H1

https://download.microsoft.com/download/7/f/1/7f194890-eea9-4cad-b19f-25ab67e41bbe/Windows%2010%20(2004%20,%2020H2%20and%2021H1)%20Known%20Issue%20Rollback%20091721%2001.msi

Windows Server 2020

https://download.microsoft.com/download/7/f/1/7f194890-eea9-4cad-b19f-25ab67e41bbe/Windows%20Server%202022%20Known%20Issue%20Rollback%20091821%2001.msi

5 replies

Bilal Ansari
Correct answer
Participating Frequently
September 21, 2021
Participant
September 23, 2021

This fixes the issue for me. Any idea when we'll get a proper fix? I don't like the idea of rolling out KIR to all our devices 😞

Participating Frequently
September 23, 2021

Same thing with us: this fixes the issue, but some workarounds are very complicated.

 

Bilal Ansari
Participating Frequently
September 20, 2021

Hi all,

Thanks for the response. The problem you are facing is the same as the one mentioned in the post https://community.adobe.com/t5/acrobat-reader-discussions/adobe-reader-not-opening/td-p/12383418. Reposting it here as well.

 

This is because the Windows security update KB5005565 is causing Reader to become incompatible with the process mitigation flag EnableExportAddressFilterPlus. Note that this flag is off by default. It is usually explicitly enabled in enterprise environments. Also note that users with older versions of Acrobat will also face this issue if security update KB5005565 is installed and EnableExportAddressFilterPlus is set.

 

As a workaround, follow any one of the steps mentioned below:

  • Using PowerShell (in admin mode), execute the command -> Set-ProcessMitigation -Name AcroRd32.exe -Disable EnableExportAddressFilterPlus
  • Delete or reset the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe
  • Repair Adobe Acrobat Reader. This will automatically reset the registry.
  • Uninstall the KB5005565 security update. Note: Adobe does not recommend uninstalling a security update as a first response. Kindly uninstall only if the other solutions do not work.

 

If you are using the enterprise setup (MDM/Intune/GroupPolicy etc.), you will also have to update the Exploit Protection Baseline configuration to reflect this. You can use the following XML as a guide.

 

<AppConfig Executable="AcroRd32.exe">
<DEP OverrideDEP="false" />
<ASLR ForceRelocateImages="true" />
<Payload OverrideEnableExportAddressFilter="false" OverrideEnableExportAddressFilterPlus="false" OverrideEnableImportAddressFilter="false" OverrideEnableRopStackPivot="false" OverrideEnableRopCallerCheck="false" OverrideEnableRopSimExec="false" />
</AppConfig>

 

We are working with Microsoft to get this resolved at the earliest.

Let us know if that helps.

 

Regards,

Acrobat Team.

 


 

Participating Frequently
September 20, 2021

Thank you.

 

I've pushed a new Exploit Guard policy with that flag set to false via GPO and it has resolved the issue.
However, I have only experienced this issue on systems that got the update via Windows Update or via SCCM/WSUS updates.

 

On systems where KB5005565 was slipstreamed into an image and the OS was deployed with Adobe 2021.007.20091 AND EnableExportAddressFilterPlus=True, the issue does not occur.

This might be helpful information for Microsoft and you to assist in the investigation.

Thank you for your help.

Bilal Ansari
Participating Frequently
September 20, 2021

Could you let us know the following:

  1. Is the KB5005565 update installed on the machine?
  2. What is the value of the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe? Kindly post a snapshot.
  3. Run PowerShell (in admin mode) and execute the command -> Get-ProcessMitigation -Name AcroRd32.exe
  4. Run PowerShell (in admin mode) and execute the command -> Get-ProcessMitigation -Name Acrobat.exe
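
The four checks requested above, gathered into one read-only script (an added example, not part of the original thread or Adobe's tooling). It assumes the `Payload.EnableExportAddressFilterPlus` property returned by `Get-ProcessMitigation` and the `MitigationOptions` value under the Image File Execution Options key; the `MatchesThread` column is a hypothetical name for the condition the thread describes.

```powershell
# Added example: read-only triage for the conflict described in this thread.
# Run from an elevated PowerShell session. Nothing here changes system state.
$kb       = 'KB5005565'                      # update named in the thread
$images   = 'AcroRd32.exe', 'Acrobat.exe'    # executables the thread asks about
$ifeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Get-HotFix raises an error when the update is absent; treat that as "not installed".
$kbInstalled = try { [bool](Get-HotFix -Id $kb -ErrorAction Stop) } catch { $false }

$report = foreach ($image in $images) {
    # Per-image mitigation settings live under this IFEO key.
    $key  = Join-Path $ifeoRoot $image
    $ifeo = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # Per-application mitigation settings, if any are configured for this image.
    $mit     = try { Get-ProcessMitigation -Name $image -ErrorAction Stop } catch { $null }
    $eafPlus = if ($mit) { [string]$mit.Payload.EnableExportAddressFilterPlus } else { 'NOTSET' }

    # Raw MitigationOptions value rendered as hex, suitable for a support case.
    $raw = if ($ifeo -and $null -ne $ifeo.MitigationOptions) {
        (@($ifeo.MitigationOptions) | ForEach-Object { '{0:X2}' -f $_ }) -join ''
    } else { '' }

    [pscustomobject]@{
        Image             = $image
        KbInstalled       = $kbInstalled
        IfeoKeyPresent    = Test-Path -Path $key
        MitigationOptions = $raw
        EafPlus           = $eafPlus          # ON, OFF or NOTSET
        # Condition the thread identifies: update installed and flag enabled.
        MatchesThread     = $kbInstalled -and ($eafPlus -eq 'ON')
    }
}

$report | Format-List
```

A machine that reports `MatchesThread : True` is a candidate for the single-flag workaround quoted in the thread, which leaves the other Exploit Protection settings for the image in place.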
Participating Frequently
September 20, 2021

Yes, it is installed.

Please see the attached screenshot and txt files.

Thanks,

 

Bilal Ansari
Participating Frequently
September 17, 2021

Hi,

Apologies for the issue that you are facing.

Would it be possible to share the Process Monitor logs from the affected machine using the Log tool: https://www.adobe.com/devnet-docs/acrobatetk/tools/Labs/acromonitor.html

Download the tool, run it, reproduce the issue, and save the logs. Share the logs with us either by uploading them to the Document Cloud Storage (https://documentcloud.adobe.com/link/home/) and sharing the link with us, or by attaching them to the thread.

Participating Frequently
September 17, 2021

I've performed the monitoring and it appears I get a very similar error without needing to open an actual PDF file. See attached.
Also, here is the link for the logs.

 

https://documentcloud.adobe.com/link/track?uri=urn:aaid:scds:US:20bd2c00-6c3e-40b4-9fe4-6e1c0e03a6c7

Participant
September 17, 2021
I have a quite similar problem (and sorry, I do not have any solution either).

Same Acrobat Reader release: 2021.007.20091

MacBook Pro: Mac Big Sur, version 11.5.2

Any PDF that is opened (new and old) comes up with a page with the warning "Unattended closure of Adobe Reader" and a very detailed report to be automatically sent to Apple (done, but the automatic answer was "no solution").

Any help?