For the critical security vulnerability that currently gets exploited in the wild (since back in December for example to attack Google) Microsoft has announced an out-of-band Update that will get released later today. The exploit code for abusing the vulnerability to inject malicious code into PCs has become public. It is very likely that even script-kiddies will use it.

Even though Avira security solutions detect the exploits that were used in the attacks and were found until now with generic detections, every user and administrator is urged to install the Update as soon as it is available!

Microsoft also released a security advisory about a Windows kernel vulnerability that allows attackers to increase the privileges on a system. This is due to an error in the 16-bit subsystem in all Windows operating systems. Not affected are the 64-bit versions of Windows. As a workaround, Microsoft proposes to disable the NTVDM subsystem via group policies. A guide is in the advisory.

Dirk Knop
Technical Editor