Microsoft warns of critical security flaws in its software, Sophos advises users to patch against vulnerabilities

April 13, 2005 Sophos Press Release

Microsoft has described five of the vulnerabilities as critical
Microsoft has described five of the vulnerabilities as critical.

Experts at SophosLabs™, Sophos's global network of virus and spam analysis centres, have urged companies and home users to act quickly as Microsoft has released information about new security holes in their products. Five of the advisories are labelled "critical", Microsoft's highest severity level, and could leave users' computers vulnerable to attack.

"If you use Microsoft products you need to keep updated with the latest Microsoft security patches, or you will be leaving yourself open to attack," said Graham Cluley, senior technology consultant for Sophos. "In the past hackers and virus writers have exploited vulnerabilities to break into internet-connected computers for the purposes of stealing money and resources, or launching spam or denial-of-service campaigns."

Microsoft has posted details of the vulnerabilities and made available updates which are reported to fix the issues on its website.

Home users of Microsoft Windows can visit windowsupdate.microsoft.com to have their systems scanned for critical Microsoft security vulnerabilities.

"Home users are particularly open to attack, because they have often not bothered to download the latest security patches from Microsoft, and may not be running up-to-date anti-virus software or a personal firewall," continued Cluley. "It's essential that all computer users ensure their systems are properly defended and follow safe computing best practice."

Sophos recommends that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.

Sophos continues to recommend computer users practise safe computing as well as running up-to-date anti-virus software.