3CX Phone System 11 – Security Update

After receiving feedback from our customers we have made a security update for 3CX Phone System version 11. This update protects V11 installations against the Heartbleed vulnerability. It is highly recommended that all 3CX Phone System version 11 users perform this update as soon as possible.

To download this update, simply login to the 3CX Windows Management Console from Start > All Programs > 3CX Phone System > Windows Management Console and navigate to the 3CX Phone System Updates node > 3CX Service Packs / Updates.

Fixes: Open SSL vulnerability for Heartbleed bug

3CX Phone System Version 12 users do not require any additional updates as they are already covered. We urge all 3CX Phone System users to always upgrade to the latest version in order to have all the security updates, latest features and fixes. To find out more about 3CX Phone System 12 and how to upgrade click here.

IMPORTANT NOTE: Please make sure that you have installed on your system the vc90 (visual studio c++ 2008 sp1 redistributable) in the appropriate  version (32 bit or 64 bit). Failing to do so will prevent all your services from starting.

Liked this article?


Get notified of new articles
or share
You might also be interested in:
  1. complex1

    Hi,

    Good job.
    But what about v10 users?
    Do they also need a patch?

    May 7, 2014 at 1:00 pm
    • @complex1 – Version 10 users need to update to a more modern version.

      May 7, 2014 at 1:42 pm
  2. Ian

    Does it require a system restart or just the 3cx services?

    May 7, 2014 at 2:08 pm
    • YOu just need to do this
      To download this update, simply login to the 3CX Windows Management Console from Start > All Programs > 3CX Phone System > Windows Management Console and navigate to the 3CX Phone System Updates node > 3CX Service Packs / Updates.
      Select the only available checkbox and click download. Update will be downloaded and services will be restarted automatically.

      May 7, 2014 at 2:10 pm
  3. Steve

    Unable to select Service Pack 4a to download and install. I’m running the demo version.

    May 8, 2014 at 8:10 am
    • It’s ok – dont worry. If they hack you its a demo version after all :-)
      Also since you are on a demo version, my question is what are you doing still on v11? Might as well go to v12.

      May 8, 2014 at 9:46 am
  4. Andrew

    If the system is not setup to use HTTPS or SSL/SRTP, is there any vulnerability to patch?
    Thanks

    May 8, 2014 at 10:28 am
    • @Andrew – yes there still is. Because irrespective of whether you use HTTPS or not, openssl dlls are still loaded. And if they are loaded, then they can be exploited.

      May 8, 2014 at 10:37 am
  5. Patrick Pickens

    As a general question, am I correct in thinking that this effects V11 installs on abyss only? Our organization have many clients that are still on V11 by their choice, but we primarily use IIS installs.

    May 8, 2014 at 3:52 pm
    • @Patrick – No not only abyss. Even IIS. openssl is not only used by Webservers. It is also used by 3CX Phone System to initiate Secure SIP connections.
      YOu just need to click on the update and update.

      May 8, 2014 at 4:02 pm
  6. looker44

    I am on V11r4. when I go to Start > All Programs > 3CX Phone System > Windows Management Console and navigate to the 3CX Phone System Updates node > 3CX Service Packs / Updates.
    I cannot select the update then download… nothing checks when I click in checkbox

    May 9, 2014 at 2:23 am
    • @looker44 Are you using Winforms management console?

      May 9, 2014 at 9:09 am
  7. Andy

    Is having visual studio c++ 2010 redistrubutable OK instead of visual studio c++ 2008 sp1 redistributable ?

    May 12, 2014 at 7:52 pm
    • @andy no it is not ok. They are different. You can have both installed but for the sake of the update u specifically need what is required in the blog post.

      May 14, 2014 at 5:28 am