|Microsoft has described some of the vulnerabilities as critical|
Critical security holes discovered in Microsoft Windows, Internet Explorer and Outlook Express
Sophos has urged companies and home users to act quickly as critical new security vulnerabilities have been discovered in versions of Microsoft Windows, Internet Explorer and Outlook Express, which could be exploited by a future internet worm.
"If Microsoft says there is a critical problem with its software, companies should sit up and listen. All businesses should ensure they have the resources in place to see which of the vulnerabilities may affect them, and apply the fixes as necessary," said Graham Cluley, senior technology consultant for Sophos. "In the past we have seen worms appear exploiting Microsoft security holes within a couple of weeks of Microsoft's announcement. Smarter businesses will be putting protection in place now rather than waiting to see if an attack occurs."
Microsoft has posted details of the vulnerabilities and made available updates which are reported to fix the issue on its website. In the worst scenario echoing the Blaster or Sasser worm outbreaks, the vulnerabilities allow a remote attacker to run code on a user's system. The security holes could be exploited by hackers or a future internet worm.
"Home users are particularly open to attack, because they have often not downloaded the latest security patches from Microsoft, and may not be running a personal firewall," continued Cluley. "All computer users should ensure their systems are properly protected."
Home users of Microsoft Windows can visit windowsupdate.microsoft.com to have their systems scanned for critical Microsoft security vulnerabilities.
Sophos recommends that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.