|Microsoft has described three of the vulnerabilities as critical.|
As part of its monthly patch distribution, Microsoft issued nine security updates yesterday, three of which are critical. The critical patches address remote code execution flaws which could be exploited by hackers or an internet worm.
"The remote code execution vulnerabilities in Microsoft's software are serious, and it's critical that businesses and home users protect against them as a matter of priority," said Graham Cluley, senior technology consultant for Sophos. "In the past, malicious attacks have followed soon after Microsoft's announcement of problems with its software, so it's important that people take action now to ensure their PCs are properly defended."
Home users of Microsoft Windows can visit windowsupdate.microsoft.com to have their systems scanned for critical Microsoft security vulnerabilities.
Sophos notes, however, that since Microsoft issued the patches it has reported that some users have experienced difficulties with one of the fixes, Microsoft Security Bulletin MS05-051. Microsoft has published information about the problem on its website.
"Businesses would be wise to test any security patch from Microsoft before rolling it out across all of their computers," continued Cluley.
Sophos recommends that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.
Sophos continues to recommend companies protect their desktops and servers with automatically updated anti-virus protection.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.