Security news
Security news9 May 2007
Critical flaws found in Microsoft's software - Windows, Office and Internet Explorer amongst products affected Sophos urges businesses to patch now
Some of the critical vulnerabilities affect Internet Explorer on Microsoft Windows Vista.
As part of its monthly patch distribution, Microsoft has issued seven advisories - all rated critical - to address 19 security holes in a variety of its products.
The patches resolve issues in Microsoft Office products (such as Excel and Word), Internet Explorer and Microsoft Windows. The vulnerabilities could allow remote code execution, enabling a hacker to access data on a vulnerable PC or run malicious code such as a worm.
One of the most eagerly anticipated patches is MS07-029, which addresses a flaw in the Windows DNS RPC interface. Last month, zero day worms like W32/Delbot-AI (also known as Nirbot or Rinbot) spread via the vulnerability, turning affected PCs into part of a zombie network.
"Just like last month, security holes are being found which impact Windows users, including adopters of Microsoft Windows Vista," said Graham Cluley, senior technology consultant at Sophos. "Whether you are using the latest version of Windows or not, it makes sense to keep up-to-date with the latest security patches and roll them out across your business as a matter of priority. Hackers have shown no mercy in the past taking advantages of vulnerabilities in Microsoft's code, and taking action now will help defend your network and keep your company out of trouble."
Home users of Microsoft Windows can visit update.microsoft.com to have their systems scanned for Microsoft security vulnerabilities.
Sophos suggests that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.
Sophos continues to recommend companies protect their desktops and servers with automatically updated protection against viruses, spyware, hackers, and spam.
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
