A vulnerability in Microsoft Publisher has been described by the
software vendor as critical
As part of its monthly patch distribution, Microsoft has issued
a series of new security updates for Microsoft Windows and
Microsoft Office products. One of the vulnerabilities addressed by
the patches is categorized as critical, and affects Microsoft
Publisher, part of the Office suite. If left unpatched the
vulnerability could allow hackers to remotely execute code (such as
a worm) on vulnerable systems.
Microsoft Publisher 2000, Publisher 2002 and Publisher 2003 are
said to be affected by the problem. Other vulnerabilities
reportedly addressed by the patches involve Windows Server 2003,
Windows XP SP1 and SP2, and Windows 2000 Service Pack 4.
"All vulnerable computers must be protected against these flaws
at the earliest opportunity. On many occasions hackers have
exploited vulnerabilities in Microsoft's software in the days
immediately following an announcement of problems, so time is of
the essence," said Graham Cluley, senior
technology consultant for Sophos. "To properly protect your PC from
the criminal underground you need to ensure it is receiving regular
security patches. Anything less is asking for trouble."
Home users of Microsoft Windows can visit update.microsoft.com to have their systems scanned for
critical Microsoft security vulnerabilities.
Sophos suggests that every IT manager responsible for security
should consider subscribing to vulnerability mailing lists such as
that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.
Sophos continues to recommend companies protect their desktops
and servers with automatically updated
protection against viruses, spyware, and spam.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.