Security news
Security news2 December 2004
Microsoft issues fix for Bofra worm vulnerability, Sophos reports
 |
| Microsoft has described the vulnerability as critical |
Experts at Sophos have advised companies and home users to ensure they are protected against a security hole found in Microsoft Internet Explorer, which has already been exploited by an internet worm.
The vulnerability - known various as the Internet Explorer Elements flaw, the IFRAME vulnerability, or the Bofra exploit - has been rated as "critical", Microsoft's highest severity level, and can leave the popular Internet Explorer web browser open to attack.
In early November, the Bofra worm exploited the vulnerability. (See how the Bofra worms spread using the vulnerability in Microsoft Internet Explorer). There were also reports of some website banner ads directing users to websites which contained malicious code using the vulnerability.
"This security patch is particularly important, because we already know that virus writers and hackers have exploited this flaw to try and compromise innocent people's computers," said Graham Cluley, senior technology consultant for Sophos. "All companies using Microsoft software need to get into the habit of regularly applying security patches, or they will be leaving themselves open to attack."
Microsoft has posted details of the vulnerability and made available an update which is reported to fix the issue on its website.
"Home users are particularly open to attack, because they have often not downloaded the latest security patches from Microsoft, and may not be running a personal firewall," continued Cluley. "All computer users should ensure their systems are properly protected."
Home users of Microsoft Windows can visit windowsupdate.microsoft.com to have their systems scanned for critical Microsoft security vulnerabilities.
Sophos recommends that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.
Sophos continues to recommend computer users practise safe computing as well as running up-to-date anti-virus software.
