|Microsoft has described the vulnerability as critical|
Sophos has warned users not to panic regarding a serious security vulnerability found in versions of Microsoft Windows, but to calmly ensure all computers are correctly patched.
The vulnerability, which Microsoft has described as "critical", is in Microsoft's ASN.1 Library and affects computers running Windows NT, Windows 2000, Windows XP and Windows Server 2003, could allow a remote hacker to have direct access to a user's computer or network. It could even be exploited by an internet worm, similar to Blaster which spread quickly around the internet last year.
"With doom-laden headlines in the newspapers about this bug in Windows, users need to keep a sense of proportion. At the moment we haven't seen any hackers or worms exploiting this hole, but that doesn't mean that computer users don't need to protect their PCs," said Graham Cluley, senior technology consultant for Sophos. "Everyone should ensure their computer is patched against this vulnerability as soon as possible. This announcement couldn't have come at a worse time for Microsoft, as they try and build their reputation for security."
Computer users and system administrators can read more about Microsoft Security Bulletin MS04-007 and download protection from Microsoft's website.
"Home users might consider checking out the services Microsoft offers at windowsupdate.microsoft.com, which can scan your home PC for security vulnerabilities and suggest which critical patches need to be installed," continued Cluley.
According to reports the security vulnerability was discovered six months ago, but Microsoft has waited until a fix was available before publicising the problem.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.