Patchday ahead

The Redmond company today published its announcement for the upcoming November Patch Tuesday. Microsoft wants to release 3 security bulletins which deal with 11 security vulnerabilities within Office and PowerPoint (up to the brand new Office 2011 for Mac) and Forefront Unified Access Gateway. A patch for the just recently detected 0-day vulnerability in Internet Explorer is not in the list.

Adobe meanwhile ships an update for the Flash Player to version 10.1.102.64 today and plans one for the Reader and Acrobat next week. The Flash update is available via the Download Center and fixes the “authplay” vulnerability which got public last week. But the company has to deal with a new security vulnerability as well. It’s not yet exploited and it remains currently unknown whether it is exploitable to infect PCs with malware, but Adobe investigates the flaw. On a public security list a so-called Proof-of-Concept (PoC) has been published which just shows a Denial-of-Service attack.

Google also issued an update for its Chrome web browser to version 7.0.517.44. It fixes 10 security vulnerabilites. All these vulnerabilities are rated “high” concerning how critical they are by the developers. The update should be silently installed in the background. This can be verified by going to the tool menu and check the “About Chrome” entry. Either the update is already installed or will be offered by opening that entry.

Users and administrators should prepare to install the updates as soon as they are available – the security holes they close are being actively exploited on the Internet or will be in short time.

Dirk Knop
Technical Editor