 |
| Microsoft has issued an important security
update. |
Microsoft has issued an update for its Microsoft Internet
Security and Acceleration Server 2000 (ISA Server) and Microsoft
Proxy Server 2.0 software.
The update fixes an important security issue in the software,
and has been rated by Microsoft as "important". The software giant
has recommended that affected customers apply the update at the
"earliest possible opportunity".
"Microsoft issues security update for its software on a regular
basis, and all companies using Microsoft software need to get into
the habit of regularly applying security patches, or they will risk
leaving themselves exposed," said Graham Cluley, senior technology
consultant for Sophos. "This security update, however, does not
address the Internet Explorer vulnerability exploited by the newly
discovered Bofra
worm."
Sophos believes that the public disclosure of the vulnerability
exploited by the Bofra worm, without prior warning to Microsoft,
has made it difficult for the software giant to manage the issue
properly.
"It would be near on impossible for Microsoft to have created
and tested a patch for the Internet Explorer problem exploited by
Bofra in such a short period of time. Customers who wish to protect
themselves from Bofra will need to rely on anti-virus software and
firewalls for now," continued Cluley. "Microsoft strongly
encourages those who find software vulnerabilities to work with
them, rather than make the news immediately public."
Microsoft has posted details of the ISA Server and Proxy Server
vulnerability and made available updates which are reported to fix
the issue on its website.
Home users of Microsoft Windows can visit windowsupdate.microsoft.com to have their
systems scanned for critical Microsoft security
vulnerabilities.
Sophos recommends that every IT manager responsible for security
should consider subscribing to vulnerability mailing lists such as
that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.
Sophos protects against the Bofra worms
Sophos issued protection against the W32/Bofra-A worm at 15:29
GMT on 8 November 2004. Customers using Enterprise Manager or the Sophos small business solutions
were automatically protected at their next scheduled update.
Customers using these products received protection against the
W32/Bofra-B and
W32/Bofra-C
variants of the worm from 8:22 GMT on 9 November 2004.
Sophos recommends companies protect their desktops and servers
with automatically updated anti-virus
protection.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.