Press Releases

Browse our press release archive

11 Sep 2003

Critical new security hole in MS Windows discovered, Sophos offers advice

Microsoft has described the vulnerability as critical

A new critical security vulnerability has been discovered in versions of Microsoft Windows. The new vulnerability could, like that exploited by the W32/Blaster-A worm, allow a remote attacker to run code on a user's system. The security hole could be exploited by hackers or a future internet worm.

"There is simply no excuse for IT managers at companies running Microsoft Windows not to already know about this serious security issue," said Graham Cluley, senior technology consultant for Sophos. "The recent Blaster and Nachi worms, which also exploited vulnerabilities in Microsoft's software, should have woken up every network manager to the importance of signing-up to Microsoft's free security mailing list. Not doing so is showing a disturbing disregard for the safety of your business systems."

Information on the vulnerability for home users has been published on Microsoft's website. Microsoft has also published step-by-step instructions for home users on how to help protect their computers with critical updates in future.

Microsoft has issued patches for Windows NT Workstation 4.0, Windows NT Server 4.0, Windows NT Server 4.0 (Terminal Server Edition), Windows 2000, Windows XP, Windows XP 64 bit Edition, Windows XP 64 bit Edition Version 2003, Windows Server 2003, and Windows Server 2003 64 bit Edition.

A technical bulletin at describes the latest security problem in detail.

Sophos recommends that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at