Sophos

11 December 2007

Calls for NAC grow as Microsoft releases critical patches, Sophos reports

Latest security holes highlight need for organizations to implement control and compliance policies

Three of the seven security bulletins rated as critical by Microsoft.

IT security and control firm Sophos has advised companies to consider the benefits of Network Access Control (NAC) in light of Microsoft's latest announcement that yet more critical security patches have been released.

As part of its monthly "Patch Tuesday" schedule, Microsoft has issued seven new bulletins, three of which are 'critical', about security vulnerabilities in its software, including Windows Media Format Runtime and Internet Explorer. A number of different versions of Microsoft's operating system are affected by these security holes, including Vista.

Sophos advises users to patch against these vulnerabilities as a matter of urgency. All three critical patches address remote code execution vulnerabilities - if exploited, a hacker would be able to take complete control of a system running with administrative privileges, whether that be viewing and deleting data, or installing new malicious or unwanted programs.

Network access control enables organizations to control who and what is allowed onto their network, blocking unauthorized users, controlling guest access and ensuring compliance with a business's security policy. By implementing NAC, firms reduce the risk of unauthorized, guest, non-compliant, or infected systems compromising the network, ensuring that only correctly secured computers gain network access.

"Some may have hoped that last month's single critical patch was a sign of things to come, but with seven bulletins issued this month, it would be unwise for anyone to let their guard down," said Yogita Parmar, a spokesperson at Sophos. "Both home and business Windows users should keep up-to-date with the latest security patches, or risk being hacked. Although patching can be difficult to monitor and enforce, the process is made much easier with a NAC solution. Ensuring only compliant machines are allowed on the network means that exploited vulnerabilities on one machine remain quarantined from the remainder of the networked computers."

Home users of Microsoft Windows can visit update.microsoft.com to have their systems scanned for Microsoft security vulnerabilities.

Sophos suggests that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.

Sophos continues to recommend companies protect their desktops and servers with automatically updated protection against viruses, spyware, hackers, and spam.

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
