 |
| Microsoft has described the vulnerability as
critical |
Sophos has warned users not to panic regarding a serious
security vulnerability found in versions of Microsoft Windows, but
to calmly ensure all computers are correctly patched.
The vulnerability, which Microsoft has described as "critical",
is in Microsoft's ASN.1 Library and affects computers running
Windows NT, Windows 2000, Windows XP and Windows Server 2003, could
allow a remote hacker to have direct access to a user's computer or
network. It could even be exploited by an internet worm, similar to
Blaster which spread
quickly around the internet last year.
"With doom-laden headlines in the newspapers about this bug in
Windows, users need to keep a sense of proportion. At the moment we
haven't seen any hackers or worms exploiting this hole, but that
doesn't mean that computer users don't need to protect their PCs,"
said Graham Cluley, senior technology consultant for Sophos.
"Everyone should ensure their computer is patched against this
vulnerability as soon as possible. This announcement couldn't have
come at a worse time for Microsoft, as they try and build their
reputation for security."
Computer users and system administrators can read more about Microsoft Security Bulletin
MS04-007 and download protection from Microsoft's website.
"Home users might consider checking out the services Microsoft
offers at windowsupdate.microsoft.com, which can scan
your home PC for security vulnerabilities and suggest which
critical patches need to be installed," continued Cluley.
According to reports the security vulnerability was discovered
six months ago, but Microsoft has waited until a fix was available
before publicising the problem.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.