|
| With no patch available, Microsoft issues safe
computing tips. |
The disclosure of an unpatched bug in Internet Explorer that
could allow attackers to take over a PC has prompted Microsoft to
caution its users. While Microsoft has been analysing the
vulnerability to develop a security patch, compromised sites are
being used by hackers to launch attacks using the flaw.
Computers running affected versions of Internet Explorer could
be infected after opening an email or visiting a website carrying
malicious code. Once infected, the computer could be taken over by
a remote attacker, who could steal data or use the infected
computer to attack others.
Microsoft is warning users to exercise caution when opening
email messages, and web links in email messages, from untrusted
sources.
"With no patches yet available to plug this hole, both home
users and businesses need to exercise caution here," said Carole Theriault, senior
security consultant at Sophos. "Users without any additional
security measures, such as firewall and anti-virus software, and
users who surf the web and open emails and without care, are at
much higher risk that those who practice safe computing."
According to Microsoft Security Response Center
blog, Microsoft is "working day and night" on development of a
security update for Internet Explorer that addresses this
vulnerability. It remains unclear whether Microsoft plans to
release the fix in its next scheduled security update, 11 April, or
whether it is considering an out-of-cycle fix release.
Sophos currently detects all known malware exploiting this
vulnerability.
Home users of Microsoft Windows can visit windowsupdate.microsoft.com to have their systems
scanned for critical Microsoft security vulnerabilities.
Sophos recommends that every IT manager responsible for security
should consider subscribing to vulnerability mailing lists such as
that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.
Sophos continues to recommend companies protect their desktops
and servers with automatically updated
anti-virus protection.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.