The critical vulnerability exists in the way Microsoft supports VML
(Vector Markup Language)

Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have warned
users about a critical unpatched security hole in the way Microsoft
software handles Vector Markup Language (VML). Microsoft has not
yet released a fix for the security hole, which is being exploited
by hackers conspiring to install malicious code onto innocent
users' computers.

Microsoft has confirmed details
of the vulnerability, and said that they plan to release a fix
by Tuesday, 10 October.

Sophos researchers have seen a number of different pieces of
malware being distributed via the flaw, including Troj/Dloadr-ANO,
Troj/Goldun-EC,
and Troj/Goldun-EE.

"The developers at Microsoft will be spitting feathers about yet
another critical security problem being found in their code. What's
worse, this is a flaw that is being exploited by hackers intent on
installing malware on the computers of Windows users without any
patch existing," said Graham Cluley, senior
technology consultant for Sophos. "This is now a race against time.
Even though reports of the exploit are so far limited, companies
reliant on Internet Explorer would be wise to follow Microsoft's
advice on ways to avoid this particular form of attack as it may be
weeks before a patch from Microsoft is available."

Apple Mac owners, and users of non-Microsoft web browsers such
as Mozilla Firefox, are not affected by the flaw.

Sophos continues to recommend that companies protect their
computers with a consolidated solution to
thwart the virus, spyware and spam threats and secure their
desktops and servers with automatically updated anti-virus
protection, the latest security patches, and properly configured
firewalls.