Security news
Security news13 August 2006
Worms exploit critical MS06-040 Microsoft security vulnerability Companies urged to roll-out security patch as a matter of priority
The worms exploit a critical Microsoft security vulnerability.
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned computer users of malware that is exploiting a critical security vulnerability in Microsoft software.
The W32/Cuebot-L and W32/Cuebot-M worms spread via AOL instant messenger, exploiting the vulnerability described in Microsoft's MS06-040 security bulletin.
"Microsoft only issued a patch against the security hole used by these worms in the last few days, and yet already malware is being written that exploits this vulnerability to attack computer systems. This is a real headache for Microsoft as they try and reassure people that their operating system is becoming more secure," said Graham Cluley, senior technology consultant for Sophos. "There will be many Windows computers that will not have been patched yet and may be vulnerable to infection and compromise. We wouldn't be surprised if more worms were released which exploited this security hole in Microsoft's software. Everyone should act swiftly to ensure their PCs are properly protected with anti-virus software, firewall software and up-to-date security patches."
Once the Cuebot-L or Cuebot-M worms have infected a PC they turn off the Windows firewall and open a backdoor, allowing remote hackers to gain access and control over the computer.
Sophos advised customers to patch against the latest security vulnerabilities in Microsoft's software last week.
Home users of Microsoft Windows can visit update.microsoft.com to have their systems scanned for critical Microsoft security vulnerabilities.
Sophos suggests that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.
Sophos continues to recommend companies protect their desktops and servers with automatically updated protection against viruses, spyware, and spam.
Readers Choice Awards 2009Information Security Magazine
- Please vote for Sophos and Utimaco!
- Subscribe to the Information Security
newsletter to vote.
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
