With our recent update of the engine we added generic protection against exploitation of the thumbnail vulnerability in all current Microsoft Windows operating systems. Microsoft warned of this security hole in a security advisory. On the January Patchday, no update was available for this vulnerability, even though there is proof-of-concept code publicly available in the Metasploit framework.

Also, we released another generic detection for exploits against the Microsoft Office security vulnerability in processing manipulated .rtf documents, which is already exploited in a limited fashion. The Update MS10-087 from last November fixes this vulnerability, so it is advised to install the Microsoft Updates anyways.

The Avira update is delivered and installed automatically. In case the next update is still too far away, start the Product Update in the Update-menu of the Avira ControlCenter manually!

Dirk Knop
Technical Editor