Press Releases

Browse our press release archive

14 Jul 2004

If Microsoft says security holes are critical everyone should listen, says Sophos

Microsoft critical
Microsoft has described some of the vulnerabilities as critical

Critical security holes discovered in Microsoft Windows, Internet Explorer and Outlook Express

Sophos has urged companies and home users to act quickly as critical new security vulnerabilities have been discovered in versions of Microsoft Windows, Internet Explorer and Outlook Express, which could be exploited by a future internet worm.

"If Microsoft says there is a critical problem with its software, companies should sit up and listen. All businesses should ensure they have the resources in place to see which of the vulnerabilities may affect them, and apply the fixes as necessary," said Graham Cluley, senior technology consultant for Sophos. "In the past we have seen worms appear exploiting Microsoft security holes within a couple of weeks of Microsoft's announcement. Smarter businesses will be putting protection in place now rather than waiting to see if an attack occurs."

Microsoft has posted details of the vulnerabilities and made available updates which are reported to fix the issue on its website. In the worst scenario echoing the Blaster or Sasser worm outbreaks, the vulnerabilities allow a remote attacker to run code on a user's system. The security holes could be exploited by hackers or a future internet worm.

"Home users are particularly open to attack, because they have often not downloaded the latest security patches from Microsoft, and may not be running a personal firewall," continued Cluley. "All computer users should ensure their systems are properly protected."

Home users of Microsoft Windows can visit windowsupdate.microsoft.com to have their systems scanned for critical Microsoft security vulnerabilities.

Sophos recommends that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.