11 July 2007
Critical security vulnerabilities found in Microsoft's software
Windows and Mac computer users must patch their systems

Three of the security bulletins have been rated as critical by Microsoft.
Sophos, a world leader in IT security and control, has advised computer users to install a number of new critical security patches from Microsoft.
As part of its monthly "Patch Tuesday" schedule, Microsoft has issued six new bulletins (three of them labeled "critical") about 11 security vulnerabilities in its software.
Vulnerabilities described in the critical security bulletins include security issues with Microsoft Excel (in both Windows and Apple Mac versions), Windows Active Directory and the .NET Framework. The remaining bulletins address issues in Windows Vista's Firewall, Microsoft Office Publisher 2007 and IIS 5.1 on Windows XP Service Pack 2.
Some of the flaws in Microsoft's code could allow remote code execution, enabling a hacker to access data on a vulnerable PC or run malicious code such as a worm.
"Businesses and home users must be prepared to regularly install security patches from Microsoft, or risk having vulnerabilities on their PC exploited by hackers," said Graham Cluley, senior technology consultant at Sophos. "Microsoft doesn't announce critical security problems in its software for the fun of it - they're warning people of serious issues in the hope that customers will update and protect themselves before hackers can take advantage of the situation. Acting now will help defend your computers and help reduce the risk of cybercriminals running riot."
Home users of Microsoft Windows can visit update.microsoft.com to have their systems scanned for Microsoft security vulnerabilities.
Sophos suggests that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.
Sophos experts recommend that companies ensure that all computers connecting to their network conform to a defined security policy, which includes having the latest security patches in place. Sophos NAC Advanced offers a comprehensive and easy-to-deploy network access control solution, giving businesses the ability to control who and what is connecting to their network.
Beware bogus security bulletins
News of the latest security fixes from Microsoft arrives after Sophos issued a warning late last month about a widespread bogus email that tried to infect Windows users after posing as Microsoft Security Bulletin MS07-0065.
"If you're looking for a Microsoft security patch, make sure you're visiting the real Microsoft security site and be suspicious of unsolicited emails," warned Cluley. "The danger is that hackers will try and take advantage of rising awareness about security issues to try and infect PCs."
Sophos continues to recommend companies protect their desktops and servers with automatically updated protection against viruses, spyware, hackers, and spam.
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.

