In this section

• Home
• Press office
• News archive
• Articles
• 2004
• 07

• Journalists' guide
• News archive

Talk to our experts

• Press contacts

Resources

• Sophos Podcasts
• SophosLabs blog
• Graham Cluley's blog
• Image gallery
• Customer case studies
• Free anti-virus
• White papers
• Awards and reviews
• Industry affiliations

Info feeds

• Security news
• Company news

• Security news
• Company news

What are info feeds?

14 July 2004

If Microsoft says security holes are critical everyone should listen, says Sophos

Microsoft has described some of the vulnerabilities as critical

Critical security holes discovered in Microsoft Windows, Internet Explorer and Outlook Express

Sophos has urged companies and home users to act quickly as critical new security vulnerabilities have been discovered in versions of Microsoft Windows, Internet Explorer and Outlook Express, which could be exploited by a future internet worm.

"If Microsoft says there is a critical problem with its software, companies should sit up and listen. All businesses should ensure they have the resources in place to see which of the vulnerabilities may affect them, and apply the fixes as necessary," said Graham Cluley, senior technology consultant for Sophos. "In the past we have seen worms appear exploiting Microsoft security holes within a couple of weeks of Microsoft's announcement. Smarter businesses will be putting protection in place now rather than waiting to see if an attack occurs."

Microsoft has posted details of the vulnerabilities and made available updates which are reported to fix the issue on its website. In the worst scenario echoing the Blaster or Sasser worm outbreaks, the vulnerabilities allow a remote attacker to run code on a user's system. The security holes could be exploited by hackers or a future internet worm.

"Home users are particularly open to attack, because they have often not downloaded the latest security patches from Microsoft, and may not be running a personal firewall," continued Cluley. "All computer users should ensure their systems are properly protected."

Home users of Microsoft Windows can visit windowsupdate.microsoft.com to have their systems scanned for critical Microsoft security vulnerabilities.

• Read more about the security vulnerabilities on Microsoft's website now

Sophos recommends that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.

• Bookmark with del.icio.us
• Submit this story to digg
• Submit this story to slashdot

See also:

• Sign up now for free notification of new viruses found in the wild
• Add live virus information to your website or intranet