More information about critical Microsoft security vulnerability

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Critical

As anticipated in the blog entry I made earlier today, Microsoft has published a highly critical patch (known as MS08-067) for Windows users.

Vanja in our labs has described the issue in greater detail on the SophosLabs blog and there is a more detailed analysis, including Sophos’s own take on the vulnerability, in a technical advisory.

Of course, you should also read Microsoft’s own official advisory on their website and download the patch. (Did I mention that? Get patched.)

Sign up to our free newsletter.
Security news, advice, and tips.

This is a very serious vulnerability – you are advised to patch any potentially affected systems as a matter of priority in case hackers decide to exploit it with a fast-spreading internet worm.

If you’re in any doubt about the importance of rolling out the patch – just remember that in the past, hackers have released attacks exploiting security vulnerabilities within hours of Microsoft publishing a fix. Cybercriminals have a window of opportunity to infect computers, and have shown themselves historically not to waste any time.

Finally, it’s less than ideal if the first you heard about this Microsoft security patch was on this blog. Every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.

PS. In case I forgot to say – roll out the patch. Thanks.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.