11 July 2007
Critical security vulnerabilities found in Microsoft's software
Windows and Mac computer users must patch their systems

Three of the security bulletins have been rated as critical by Microsoft.
Sophos, a world leader in IT security and control, has advised computer users to install a number of new critical security patches from Microsoft.
As part of its monthly "Patch Tuesday" schedule, Microsoft has issued six new bulletins (three of them labeled "critical") about 11 security vulnerabilities in its software.
Vulnerabilities described in the critical security bulletins include security issues with Microsoft Excel (in both Windows and Apple Mac versions), Windows Active Directory and the .Net Framework. The remaining bulletins address issues in Windows Vista's Firewall, Microsoft Office Publisher 2007 and IIS 5.1 on Windows XP Service Pack 2.
Some of the flaws in Microsoft's code could allow remote code execution, enabling a hacker to access data on a vulnerable PC or run malicious code such as a worm.
"Businesses and home users must be prepared to regularly install security patches from Microsoft, or risk having vulnerabilities on their PC exploited by hackers," said Graham Cluley, senior technology consultant at Sophos. "Microsoft doesn't announce critical security problems in its software for the fun of it - they're warning people of serious issues in the hope that customers will update and protect themselves before hackers can take advantage of the situation. Acting now will help defend your computers and help reduce the risk of cybercriminals running riot."
Home users of Microsoft Windows can visit update.microsoft.com to have their systems scanned for Microsoft security vulnerabilities.
Sophos suggests that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.
Sophos experts recommend that companies ensure that all computers connecting to their network conform to a defined security policy, which includes having the latest security patches in place. Sophos NAC Advanced offers a comprehensive and easy-to-deploy network access control solution, giving businesses the ability to control who and what is connecting to their network.
Beware bogus security bulletins
News of the latest security fixes from Microsoft arrives after Sophos issued a warning late last month about a widespread bogus email that tried to infect Windows users after posing as Microsoft Security Bulletin MS07-0065.
"If you're looking for a Microsoft security patch, make sure you're visiting the real Microsoft security site and be suspicious of unsolicited emails," warned Cluley. "The danger is that hackers will try and take advantage of rising awareness about security issues to try and infect PCs."
Sophos continues to recommend companies protect their desktops and servers with automatically updated protection against viruses, spyware, hackers, and spam.
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.

