News

Adobe Reader To Get Microsoft Sandbox Security

As Adobe Systems applications face increasing security threats, Microsoft is stepping up to lend a helping hand.

Microsoft is providing some of its sandboxing security technology, developed for Microsoft Office, to its partners, including Adobe, according to David LeBlanc, a Microsoft senior technologist for network security, in a blog post. One of the first such product collaborations involves Adobe Reader, a plug-in utility for reading PDF files.

"Office and Adobe compete on many fronts, but we put all that aside when it comes to helping protect customers from security issues," LeBlanc wrote.

Sandboxing is a security methodology that allows developers to separate running applications. The Microsoft-Adobe sandbox program provides a set of commands and technical resources designed to allow Adobe Reader to run securely during a Windows session. Adobe modeled the program after Microsoft's Practical Windows Sandboxing technique, which is "similar to the Google Chrome sandbox and Microsoft Office 2010 Protected Viewing Mode," according to Adobe spokesperson Brad Arkin.

The next release of Adobe Reader will have a protected mode that will sandbox all "write" calls on Adobe Reader PDF documents opened during Windows sessions. It will work with Windows 7, Windows Vista, Windows XP, Windows Server 2008 and Windows Server 2003, Arkin explained.

Arkin added that "even if an exploitable security vulnerability is found by an attacker, Adobe Reader Protected Mode will help prevent the attacker from writing files, changing registry keys or installing malware on potential victims' computers."

Security experts welcomed the collaboration and believe that where security is concerned competition must take a backseat, especially in cases where programs and systems are interoperable.

"Microsoft and Adobe have an extremely large user base. This is evident by the number of attackers exploiting vulnerabilities on their software," said Jason Miller, data and security team manager at Shavlik Technologies. "Although sandboxing Adobe Reader should help mitigate a great deal of vulnerabilities, there is still the potential of future vulnerabilities with the product."

This new collaboration may represent a continuation of other initiatives that began earlier in the year, such as security patch cooperation between Adobe and Microsoft. Such alliances should lead to better communication and better overall protection for customers.

"I think this is an indication of something we need to see," said Tyler Reguly, senior security researcher at nCircle. "All big vendors should be working together to better ensure the security of their systems and to protect their end users. These vendors share customers, so working together to provide a better end product is really just common sense."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Microsoft Offers Support Extensions for Exchange 2016 and 2019

    Microsoft has introduced a paid Extended Security Update (ESU) program for on-premises Exchange Server 2016 and 2019, offering a crucial safety cushion as both versions near their Oct. 14, 2025 end-of-support date.

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Notebook

    Microsoft Centers AI, Security and Partner Dogfooding at MCAPS

    Microsoft's second annual MCAPS for Partners event took place Tuesday, delivering a volley of updates and directives for its partners for fiscal 2026.

  • Microsoft Layoffs: AI Is the Obvious Elephant in the Room

    As Microsoft doubles down on an $80 billion bet on AI this fiscal year, its workforce reductions are drawing scrutiny over whether AI's ascent is quietly reshaping its human capital strategy, even as official messaging avoids drawing a direct line.