11 Feb 2004

Hacker mass attack? Serious security vulnerability found in Microsoft Windows, Sophos comments

Microsoft has described the vulnerability as critical

Sophos has warned users not to panic regarding a serious security vulnerability found in versions of Microsoft Windows, but to calmly ensure all computers are correctly patched.

The vulnerability, which Microsoft has described as "critical", is in Microsoft's ASN.1 Library and affects computers running Windows NT, Windows 2000, Windows XP and Windows Server 2003. It could allow a remote hacker to have direct access to a user's computer or network. It could even be exploited by an internet worm, similar to Blaster, which spread quickly around the internet last year.

"With doom-laden headlines in the newspapers about this bug in Windows, users need to keep a sense of proportion. At the moment we haven't seen any hackers or worms exploiting this hole, but that doesn't mean that computer users don't need to protect their PCs," said Graham Cluley, senior technology consultant for Sophos. "Everyone should ensure their computer is patched against this vulnerability as soon as possible. This announcement couldn't have come at a worse time for Microsoft, as they try and build their reputation for security."

Computer users and system administrators can read more about Microsoft Security Bulletin MS04-007 and download protection from Microsoft's website.

"Home users might consider checking out the services Microsoft offers at windowsupdate.microsoft.com, which can scan your home PC for security vulnerabilities and suggest which critical patches need to be installed," continued Cluley.

According to reports, the security vulnerability was discovered six months ago, but Microsoft has waited until a fix was available before publicising the problem.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.