Three of the security bulletins have been rated as critical by
Microsoft.
Sophos, a world leader in IT security and control, has advised
computer users to install a number of new critical security patches
from Microsoft.
As part of its monthly "Patch Tuesday" schedule, Microsoft has
issued six new bulletins (three of them labeled "critical") about
11 security vulnerabilities in its software.
Vulnerabilities described in the critical security bulletins
include security issues with Microsoft Excel (in both Windows and
Apple Mac versions), Windows Active Directory and the .NET
Framework. The remaining bulletins address issues in Windows
Vista's Firewall, Microsoft Office Publisher 2007 and IIS 5.1 on
Windows XP Service Pack 2.
Some of the flaws in Microsoft's code could allow remote code
execution, enabling a hacker to access data on a vulnerable PC or
run malicious code such as a worm.
"Businesses and home users must be prepared to regularly install
security patches from Microsoft, or risk having vulnerabilities on
their PC exploited by hackers," said Graham Cluley, senior
technology consultant at Sophos. "Microsoft doesn't announce
critical security problems in its software for the fun of it -
they're warning people of serious issues in the hope that customers
will update and protect themselves before hackers can take
advantage of the situation. Acting now will help defend your
computers and help reduce the risk of cybercriminals running
riot."
Home users of Microsoft Windows can visit update.microsoft.com to
have their systems scanned for Microsoft security vulnerabilities.
Sophos suggests that every IT manager responsible for security
should consider subscribing to vulnerability mailing lists such as
that operated by Microsoft at
www.microsoft.com/technet/security/bulletin/notify.mspx.
Sophos experts recommend that companies ensure that all
computers connecting to their network conform to a defined security
policy, which includes having the latest security patches in place.
Sophos NAC Advanced offers a comprehensive and easy-to-deploy
network access control solution, giving businesses the ability to
control who and what is connecting to their network.
Beware bogus security bulletins
News of the latest security fixes from Microsoft arrives after
Sophos issued a warning late last month about a widespread
bogus email that tried to infect Windows users after posing as
Microsoft Security Bulletin MS07-0065.
"If you're looking for a Microsoft security patch, make sure
you're visiting the real Microsoft security site and be suspicious
of unsolicited emails," warned Cluley. "The danger is that hackers
will try and take advantage of rising awareness about security
issues to try and infect PCs."
Sophos continues to recommend that companies protect their desktops
and servers with automatically updated protection against viruses,
spyware, hackers, and spam.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.