Patches released for critical vulnerabilities in Microsoft's software

April 12, 2006 Sophos Press Release

Microsoft has described some of the vulnerabilities as critical
Microsoft has described some of the vulnerabilities as critical.

As part of its monthly patch distribution, Microsoft has issued a series of new security updates, some of which are categorized as critical.

Sophos reported last month how hackers were actively exploiting an unpatched security hole (known as the "CreateTextRange" vulnerability) in Internet Explorer to attack innocent computers. At the time some computer users reported they were turning off Active Scripting or switching to alternative web browsers such as Firefox to ensure their systems were not at risk. Amongst Microsoft's new security patches is a fix for the vulnerability.

"Businesses have been chomping at the bit to patch against this latest vulnerability in Microsoft's code, as there were many instances of hackers attempting to exploit the flaw in the wild," said Graham Cluley, senior technology consultant at Sophos. "A security hole which allows hackers with malicious intentions to run unauthorized code on Windows computers is very serious, and all affected users should ensure they have put the right defenses in place."

Home users of Microsoft Windows can visit update.microsoft.com to have their systems scanned for critical Microsoft security vulnerabilities.

Sophos suggests that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.

Sophos continues to recommend companies protect their desktops and servers with automatically updated anti-virus protection.