Microsoft Windows users encouraged to deploy critical vulnerability patch, Sophos offers advice

Sophos Press Release

Microsoft has released a patch that reportedly eliminates a critical security vulnerability in some versions of Microsoft Windows.

If exploited, the vulnerability would allow a hacker to gain complete control over a remote computer. The attacker could then take any action they wished on that computer, including changing web pages, reformatting the hard drive, or adding new users to the local administrators group.

Microsoft says the vulnerability is present in the following versions of Windows: Microsoft Windows NT 4.0, Microsoft Windows NT 4.0 Terminal Services Edition, Microsoft Windows 2000, Microsoft Windows XP, and Microsoft Windows Server 2003. Microsoft Windows Millennium Edition is not believed to be affected.

Further details of the vulnerability and how businesses can patch against it can be found at www.microsoft.com/security/bulletins/200309_windows.mspx.

Microsoft has also published step-by-step instructions for home users on how to help protect their computers with critical updates.

"Loopholes are found in products on a weekly basis, some significant, some trivial," said Graham Cluley, senior technology consultant at Sophos. "IT managers should keep abreast of these loopholes and apply patches where appropriate before viruses and hackers come along to exploit them."

Sophos recommends that every IT manager responsible for security consider subscribing to vulnerability mailing lists, such as the one operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.asp. Other vendors offer similar services.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com/company.