|
| Microsoft has described the WMF vulnerability as
critical. |
Experts at SophosLabsâ„¢, Sophos's global
network of virus, spyware and spam analysis centers, have advised
computer users to apply a critical Microsoft security patch which
protects against a vulnerability in the way Windows handles WMF
graphic files. Sophos has seen over 200
different attempts to infect innocent computer users using the
flaw which has been public knowledge since late December 2005.
Unusually, Microsoft has issued the critical security update
outside of its normal monthly update cycle. Originally Microsoft
had indicated that it would not be issuing the patch until Tuesday
10 January, causing some in the security community to express
concern that hackers would have a significant opportunity to infect
internet users.
"It's good news that Microsoft has been able to issue this patch
sooner rather than later. This flaw in Microsoft's software is very
dangerous, and is being actively exploited by hackers to distribute
malware. It's critical that businesses and home users protect
against flaws like this as a matter of priority," said Graham Cluley, senior
technology consultant for Sophos. "Our advice to companies and home
users to waste no time in implementing this patch."
Home users of Microsoft Windows can visit update.microsoft.com to have their systems scanned for
critical Microsoft security vulnerabilities.
Experts at Sophos are reminding users that hackers are
continuing to actively exploit the security hole, even though a fix
is now available.
In the latest sighted attacks emails with the subject line
"Happy New Year 2" have been spammed out, pointing users
to a website pretending to be an online e-card from
123greetings.com. However, the link really points to a
malicious website based in the Netherlands.
"Hackers are in a race against time to infect as many computers
as possible through the WMF security hole before companies have a
chance to put the patch in place," explained Cluley. "Everyone
should apply the patch as soon as possible, and defend their
networks with up-to-date anti-virus and anti-spam software."
Happy New Year emails are being sent that
pretend to point to an online greeting, but really send users to a
malicious website.
Sophos suggests that every IT manager responsible for security
should consider subscribing to vulnerability mailing lists such as
that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.
Sophos continues to recommend companies protect their desktops
and servers with automatically updated
anti-virus protection.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.