Microsoft patches more critical vulnerabilities in its software

June 13, 2007 Sophos Press Release

Some of the vulnerabilities have been rated as critical by Microsoft
Some of the vulnerabilities have been rated as critical by Microsoft.

Sophos, a world leader in IT security and control, has advised computer users to install a number of new critical security patches from Microsoft.

As part of its monthly "Patch Tuesday" schedule Microsoft has issued a number of new bulletins (some of them labeled "critical") about security vulnerabilities in its software.

Vulnerabilities described in the security bulletin include vulnerabilities in Windows' Schannel security package, Internet Explorer, Outlook Express, and Windows Mail. These flaws could allow remote code execution, enabling a hacker to access data on a vulnerable PC or run malicious code such as a worm.

"Patching against new security vulnerabilities should be as natural as breathing for Windows users. If you don't do it, you risk hackers breaking into your PC and causing mayhem," said Graham Cluley, senior technology consultant at Sophos. "It makes sense to keep up-to-date with the latest security patches and roll them out across your business as a matter of priority. In the past hackers have shown no mercy in taking advantage of vulnerabilities in Microsoft's code - acting now will help defend your network and keep your company out of trouble."

Home users of Microsoft Windows can visit update.microsoft.com to have their systems scanned for Microsoft security vulnerabilities.

Sophos suggests that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.

Sophos experts recommend that companies ensure that all computers connecting to their network conform to a defined security policy, which includes having the latest security patches in place. Sophos NAC Advanced offers a comprehensive and easy-to-deploy network access control solution, giving businesses the ability to control who and what is connecting to their network.

Sophos continues to recommend companies protect their desktops and servers with automatically updated protection against viruses, spyware, hackers, and spam.