Security news
Security news20 September 2006
Exploited: Microsoft users warned of unpatched zero day flaw in Internet Explorer Vulnerability in Vector Markup Language can allow hackers to run malware on Windows PCs
The critical vulnerability exists in the way Microsoft supports VML (Vector Markup Language)
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned users about a critical unpatched security hole in the way Microsoft software handles Vector Markup Language (VML). Microsoft has not yet released a fix for the security hole, which is being exploited by hackers conspiring to install malicious code onto innocent users' computers.
Microsoft has confirmed details of the vulnerability, and said that they plan to release a fix by Tuesday, 10 October.
Sophos researchers have seen a number of different pieces of malware being distributed via the flaw, including Troj/Dloadr-ANO, Troj/Goldun-EC, and Troj/Goldun-EE.
"The developers at Microsoft will be spitting feathers about yet another critical security problem being found in their code. What's worse, this is a flaw that is being exploited by hackers intent on installing malware on the computers of Windows users without any patch existing," said Graham Cluley, senior technology consultant for Sophos. "This is now a race against time. Even though reports of the exploit are so far limited, companies reliant on Internet Explorer would be wise to follow Microsoft's advice on ways to avoid this particular form of attack as it may be weeks before a patch from Microsoft is available."
Apple Mac owners, and users of non-Microsoft web browsers such as Mozilla Firefox, are not affected by the flaw.
Sophos continues to recommend that companies protect their computers with a consolidated solution to thwart the virus, spyware and spam threats and secure their desktops and servers with automatically updated anti-virus protection, the latest security patches, and properly configured firewalls.
When considering your anti-malware security vendor, what is more important to you?
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
