The code signing certificate that will be revoked is described in detail here:
- Serial Number: 15 e5 ac 0a 48 70 63 71 8e 39 da 52 30 1a 04 88
- sha1 Thumbprint: fd f0 1d d3 f3 7c 66 ac 4c 77 9d 92 62 3c 77 81 4a 07 fe 4c
Regarding your statement that as an IT admin you need copies of the certificates so they can be placed in the Windows "Untrusted Certificates" list and/or other lists of affirmatively distrusted certificates, Adobe does not recommend the untrusted store in this situation. The ASSET blog post contains the following paragraph on the topic:
"Our internal testing indicates that moving the impacted Adobe certificate to the Windows Untrusted Certificate Store does not block threat actors from executing the malicious utilities on a victim machine. However, this configuration does have a negative impact on the user experience and execution of valid Adobe software signed with the impacted certificate. Adobe does not recommend using the Untrusted Certificate Store in this situation."
Something that we do recommend is evaluating SRP / AppLocker restrictions based on the hash sums of the known bad files. Again from the ASSET blog post:
"In addition to working with your security vendors to ensure you have the latest updates containing protections against these utilities, system administrators for managed desktop Windows OS environments can create a Software Restriction Policy (SRP, via Group Policy) that disallows the execution of the malicious utilities and blocks them on the basis of the individual file hashes."
Even without these steps, we have shared the samples with all the major security vendors via MAPP, so you can work with your security vendor/provider to determine if protections are already in place for your environment.
Only one instance of the signed malicious utilities has been identified worldwide. The nature of the utilities and manner in which they are generally used supports our assessment that the vast majority of users of Adobe software are not at risk.
The Adobe certificate will be revoked for all binaries signed since July 10, 2012 and the certificate revocation will be published on the VeriSign CRL effective October 4, 2012. We agree that the code signing and PKI world is full of inefficiencies and plan to talk more about our lessons learned in a few weeks. (See the last paragraph of the ASSET blog post.) Watch the ASSET blog for more details.
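
Added example, not part of the reply above and not Adobe's code: a PowerShell script that lists files whose Authenticode signer certificate matches the serial number and thumbprint quoted above, so an administrator can see which installed binaries were signed with that certificate. `$ScanRoot` and `Test-AffectedSigner` are names chosen for this example, and `Get-FileHash` requires PowerShell 4.0 or later.

```powershell
# Added example: inventory Authenticode-signed files whose signer certificate
# matches the serial number and SHA-1 thumbprint quoted in the post.
# $ScanRoot is an assumed default; point it at the directory tree to review.
param(
    [string]$ScanRoot = "$env:ProgramFiles"
)

# Identifiers copied from the post, normalized to the form .NET reports
# (uppercase hex, no spaces).
$AffectedSerial     = ('15 e5 ac 0a 48 70 63 71 8e 39 da 52 30 1a 04 88' -replace '\s', '').ToUpperInvariant()
$AffectedThumbprint = ('fd f0 1d d3 f3 7c 66 ac 4c 77 9d 92 62 3c 77 81 4a 07 fe 4c' -replace '\s', '').ToUpperInvariant()

function Test-AffectedSigner {
    # Hypothetical helper: true only when both serial number and thumbprint match.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    if ($null -eq $Certificate) { return $false }   # unsigned file
    return ($Certificate.SerialNumber -eq $AffectedSerial) -and
           ($Certificate.Thumbprint  -eq $AffectedThumbprint)
}

Get-ChildItem -Path $ScanRoot -Recurse -File -Include *.exe, *.dll, *.msi -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName -ErrorAction SilentlyContinue
        if ($sig -and (Test-AffectedSigner $sig.SignerCertificate)) {
            [pscustomobject]@{
                Path        = $_.FullName
                Status      = $sig.Status                       # validation result reported by Windows
                TimeStamped = [bool]$sig.TimeStamperCertificate # whether a timestamp countersignature is present
                SHA256      = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
    }
```

The script does not read the signing time, so it reports every file signed with this certificate, not only those signed since July 10, 2012.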