|Microsoft has described the vulnerability as critical|
A new critical security vulnerability has been discovered in versions of Microsoft Windows. The new vulnerability could, like that exploited by the W32/Blaster-A worm, allow a remote attacker to run code on a user's system. The security hole could be exploited by hackers or a future internet worm.
"There is simply no excuse for IT managers at companies running Microsoft Windows not to already know about this serious security issue," said Graham Cluley, senior technology consultant for Sophos. "The recent Blaster and Nachi worms, which also exploited vulnerabilities in Microsoft's software, should have woken up every network manager to the importance of signing-up to Microsoft's free security mailing list. Not doing so is showing a disturbing disregard for the safety of your business systems."
Information on the vulnerability for home users has been published on Microsoft's website. Microsoft has also published step-by-step instructions for home users on how to help protect their computers with critical updates in future.
Microsoft has issued patches for Windows NT Workstation 4.0, Windows NT Server 4.0, Windows NT Server 4.0 (Terminal Server Edition), Windows 2000, Windows XP, Windows XP 64 bit Edition, Windows XP 64 bit Edition Version 2003, Windows Server 2003, and Windows Server 2003 64 bit Edition.
A technical bulletin at www.microsoft.com/technet/security/bulletin/MS03-039.mspx describes the latest security problem in detail.
Sophos recommends that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.