Microsoft releases patch against latest Explorer vulnerability, Sophos comments

Sophos Press Release

Microsoft has issued a security patch which reportedly fixes a critical vulnerability in versions of Internet Explorer. The vulnerability was recently exploited by the Troj/Qhosts-1 Trojan horse.

Microsoft categorised the vulnerability as "critical" and urged customers to "apply the patch immediately". According to Microsoft the following versions of Internet Explorer are affected: Internet Explorer 5.01, Internet Explorer 5.5, Internet Explorer 6.0, and Internet Explorer 6.0 for Windows Server 2003.

More information about the vulnerability and how to apply the patch can be found on Microsoft's website at www.microsoft.com/technet/security/bulletin/MS03-040.asp.

"Unlike worms like Blaster and Slammer, where patches were available before the virus existed, a Trojan horse which exploited this vulnerability was spotted before Microsoft had a fix," said Graham Cluley, senior technology consultant for Sophos. "With more vulnerabilities coming to light all the time, companies may have to rethink whether full internet access for all employees is such a good idea."

Microsoft has published step-by-step instructions for home users on how to help protect their computers with critical updates in future.

Sophos recommends that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com/company.