More information about critical Microsoft security vulnerability



As anticipated in the blog entry I made earlier today, Microsoft has published a highly critical patch (known as MS08-067) for Windows users.

Vanja in our labs has described the issue in greater detail on the SophosLabs blog and there is a more detailed analysis, including Sophos's own take on the vulnerability, in a technical advisory.

Of course, you should also read Microsoft's own official advisory on their website and download the patch. (Did I mention that? Get patched.)

This is a very serious vulnerability - you are advised to patch any potentially affected systems as a matter of priority in case hackers decide to exploit it with a fast-spreading internet worm.

If you're in any doubt about the importance of rolling out the patch - just remember that in the past, hackers have released attacks exploiting security vulnerabilities within hours of Microsoft publishing a fix. Cybercriminals have a window of opportunity to infect computers, and have shown themselves historically not to waste any time.

Finally, it's less than ideal if the first you heard about this Microsoft security patch was on this blog. Every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at

PS. In case I forgot to say - roll out the patch. Thanks.


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry, having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter, and circle him on Google Plus for regular updates.