Three of the seven security bulletins rated as critical by
Microsoft.
IT security and control firm Sophos has advised companies to
consider the benefits of Network Access Control (NAC) in light of
Microsoft's latest announcement that yet more critical security
patches have been released.
As part of its monthly "Patch Tuesday" schedule, Microsoft has
issued seven new bulletins, three of which are 'critical', about
security vulnerabilities in its software, including Windows Media
Format Runtime, and Internet Explorer. A number of different
versions of Microsoft's operating system are affected by these
security holes, including Vista.
Sophos advises users to patch against these vulnerabilities as a
matter of urgency. All three critical patches address remote code
execution vulnerabilities - if exploited, a hacker would be able to
take complete control of a system running with administrative
privileges, whether that be viewing and deleting data, or
installing new malicious or unwanted programs.
Network access control enables organizations to control who and
what is allowed onto their network, blocking unauthorized users,
controlling guest access and ensuring compliance with a business's
security policy. By implementing NAC, firms reduce the risk of
unauthorized, guest, non-compliant, or infected systems
compromising the network, ensuring that only correctly secured
computers gain network access.
"Some may have hoped that last month's single critical patch was
a sign of things to come, but with seven bulletins issued this
month, it would be unwise for anyone to let their guard down," said
Yogita Parmar, a spokesperson at Sophos. "Both home and business
Windows users should keep up-to-date with the latest security
patches, or risk being hacked. Although patching can be difficult
to monitor and enforce, the process is made much easier with a NAC
solution. Ensuring only compliant machines are allowed on the
network means that exploited vulnerabilities on one machine remain
quarantined from the remainder of the networked computers."
Home users of Microsoft Windows can visit update.microsoft.com
to have their systems scanned for Microsoft security
vulnerabilities.
Sophos suggests that every IT manager responsible for security
should consider subscribing to vulnerability mailing lists such as
that operated by Microsoft at
www.microsoft.com/technet/security/bulletin/notify.mspx.
Sophos continues to recommend companies protect their desktops
and servers with automatically updated protection against viruses,
spyware, hackers, and spam.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.