Microsoft has described the vulnerability as critical.

A new critical security vulnerability has been discovered in
versions of Microsoft Windows. The new vulnerability could, like
that exploited by the W32/Blaster-A worm,
allow a remote attacker to run code on a user's system. The
security hole could be exploited by hackers or a future internet
worm.

"There is simply no excuse for IT managers at companies running
Microsoft Windows not to already know about this serious security
issue," said Graham Cluley, senior technology consultant for
Sophos. "The recent Blaster and Nachi worms, which also
exploited vulnerabilities in Microsoft's software, should have
woken up every network manager to the importance of signing up to
Microsoft's free security mailing list. Not doing so is showing a
disturbing disregard for the safety of your business systems."

Information on the vulnerability for home users has been
published on Microsoft's website. Microsoft has also
published step-by-step instructions for home users on how to
help protect their computers with critical updates in future.

Microsoft has issued patches for Windows NT Workstation 4.0,
Windows NT Server 4.0, Windows NT Server 4.0 (Terminal Server
Edition), Windows 2000, Windows XP, Windows XP 64 bit Edition,
Windows XP 64 bit Edition Version 2003, Windows Server 2003, and
Windows Server 2003 64 bit Edition.

A technical bulletin at www.microsoft.com/technet/security/bulletin/MS03-039.mspx
describes the latest security problem in detail.

Sophos recommends that every IT manager responsible for security
should consider subscribing to vulnerability mailing lists such as
that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.