Security news
Security news12 September 2006
Critical security hole in Microsoft Publisher could allow remote code execution Companies and home users urged to apply patches
A vulnerability in Microsoft Publisher has been described by the software vendor as critical
As part of its monthly patch distribution, Microsoft has issued a series of new security updates for Microsoft Windows and Microsoft Office products. One of the vulnerabilities addressed by the patches is categorized as critical, and affects Microsoft Publisher, part of the Office suite. If left unpatched the vulnerability could allow hackers to remotely execute code (such as a worm) on vulnerable systems.
Microsoft Publisher 2000, Publisher 2002 and Publisher 2003 are said to be affected by the problem. Other vulnerabilities reportedly addressed by the patches involve Windows Server 2003, Windows XP SP1 and SP2, and Windows 2000 Service Pack 4.
"All vulnerable computers must be protected against these flaws at the earliest opportunity. On many occasions hackers have exploited vulnerabilities in Microsoft's software in the days immediately following an announcement of problems, so time is of the essence," said Graham Cluley, senior technology consultant for Sophos. "To properly protect your PC from the criminal underground you need to ensure it is receiving regular security patches. Anything less is asking for trouble."
Home users of Microsoft Windows can visit update.microsoft.com to have their systems scanned for critical Microsoft security vulnerabilities.
Sophos suggests that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.
Sophos continues to recommend companies protect their desktops and servers with automatically updated protection against viruses, spyware, and spam.
Download now
- SQL injection attacks are the biggest threat
- 90% of malware on legitimate sites
- Hackers exploit Web 2.0
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
