Microsoft today announced 13 Security Bulletins for the October Patchday. 8 of them are concerning critical rated security vulnerabilities. The total count of security holes which the company plans to close is 34, according to the Microsoft Security Response Center.

The affected software includes Windows, Internet Explorer, Office, Silverlight, Forefront, Developer Tools, and SQL Server. Among the fixes that are gonna be provided is one for the SMBv2 vulnerability and one for the vulnerable FTP service IIS.

Administrators should prepare for those updates – most of them require a restart – and install them as soon as possible.

Dirk Knop
Technical Editor

We are currently delivering another huge update to our clients. This leads to the situation that users of the free Avira AntiVir Personal have some issues getting their updates fast.

The situation should get better today or tomorrow. We hope that we have our improved, faster system up and running for the next big update so that this situation won’t come up again!

Please be patient – the update will be over soon! By the way, as usual, users of Avira AntiVir Premium, Avira Premium Security Suite and the Professional products are not affected – they have dedicated download servers and reserved bandwidth available.

Dirk Knop
Technical Editor

The update servers for our free Avira AntiVir Personal are currently under heavy load due to a huge update that gets delivered. Even if we are delivering with 8 GBit per second – whereof up to 1 GBit per second is used by IPv6 traffic alone! – this results in a slow update process for many of the free AntiVir Personal users. The situation should get better over the weekend, it already got better this night for a few hours.

We already increased bandwidth and made further optimizations to our servers. Also we’re working on a permanent solution to better serve the users of our free Avira AntiVir version – this may take a few weeks though.

Users of our Avira AntiVir Premium and Avira AntiVir Professional products are not affected by this issue.

Dirk Knop
Technical Editor

Now that didn’t happen for a while: Microsoft updated one of the security bulletins from Tuesday. It deals with a security flaw in TCP/IP networking. The first version of the bulletin mentioned Windows 2000, Vista, Server 2003 and Server 2008 as affected. The updated version also mentions Windows XP as affected.

Consequently, all Windows XP users should run Windows Update again (as soon as the patch is available for XP, it currently isn’t) – though the impact of the error isn’t as critical as in Vista or Server 2008, where it allows for remote code execution. In Windows XP it is possible to cause a Denial of Service (DoS) condition with sending manipulated network packets to the unpatched computer.

Update: Microsoft updated the bulletin once more. Now it states “By default, Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2 do not have a listening service configured in the client firewall and are therefore not affected by this vulnerability.” So an update won’t be available any time soon – if at all, because in the default installation no service is listening on the network interface.

Dirk Knop
Technical Editor

The Mozilla developers released Firefox 3.5.3, which fixes overall 4 security holes in the Web browser. 3 of them are considered to be critical and allow for executing code within the browser with highest privileges and to compromise the computer. Attackers could abuse these vulnerabilities to inject for example Trojans and other malware onto the victim’s computer – just with manipulated web pages.

With Firefox 3.5.3, the developers also added a nice new feature to the software: It’ll warn users if their Adobe Flash Player plug-in is outdated and must be updated. They’ll extend this feature for other plug-ins, according to the Mozilla Security Blog.

Please install the update as soon as possible. The easiest way is to go to the Help menu and click on “Check for Updates”. You can also download the whole installation package on the Firefox web site.

Dirk Knop
Technical Editor

As announced last Friday, Microsoft released 5 security bulletins – all dealing with critical flaws within the Windows operating systems. Affected are Windows XP to Windows Vista and Server 2008.

The security holes can be abused by hackers to compromise Windows installations remotely. Microsoft expects that exploits for these holes appear soon, so it is advised to install the patches as soon as possible!

Patches for the recently discovered SMB2 flaws within Vista and Windows 7 (only up to RC1 though) aren’t ready yet. Also missing are updates that fix the vulnerabilities in the FTP component of the Internet Information Services.

Dirk Knop
Technical Editor

Microsoft today announced 5 security bulletins for the September patchday next Tuesday. They are all dealing with security holes considered critical in the Windows operating systems and system components. Interestingly, even the Windows Server 2008 Core installation is affected. As usual, the Redmond company isn’t going into details in the advance notification.

Prepare for installing the updates as soon as possible.

Dirk Knop
Technical Editor

There is a severe security hole in Microsofts Internet Information Services (IIS) versions 5 and 6. “0-day” Exploit code is publicly available on the net. The error is within the FTP component. Thus Microsoft recommends as workaround to disable (anonymous) FTP on IIS, or to withdraw anonymous users the rights to create directories. A security advisory was already available but currently leads to a Bing search page. There you can see the advisory as “cached page” at least.

Opera released the final version 10 of their Web browser. It fixes some security issues and has some new and improved features. They are listed in the changelog.

The OpenOffice.org developers released OpenOffice.org 3.1.1 (changelog). This version fixes a security flaw in the Word document processing which can lead to system compromise. Users of OpenOffice.org should download the new version and update immediatly.

Dirk Knop
Technical Editor

Microsoft released two new knowledgebase articles in which it makes patches for all actual supported operating systems available. Those patches properly disable the Autorun and AutoPlay feature. This is important as previously it was possible to convince users to execute malware from for example USB sticks with AutoPlay entries and to automatically run malware via Autorun. Disabling Autorun didn’t work as expected before.

To improve the PC security it is advised to install the patches!

Dirk Knop
Technical Editor

As announced before the weekend, Microsoft now released 9 security bulletins. The patches related to those bulletins close overall 19 security holes in Windows, Microsoft Office, Visual Studio, ISA- and BizTalk-Server, RDP client for Mac and the .Net framework.

According to the exploitability index of Microsoft, exploit code is likely to appear for all but one of those vulnerabilities. Therefore it is recommended to install the updates as soon as possible.

Dirk Knop
Technical Editor