More information about critical Microsoft security vulnerability


As anticipated in the blog entry I made earlier today, Microsoft has published a highly critical patch (known as MS08-067) for Windows users.

Vanja in our labs has described the issue in greater detail on the SophosLabs blog and there is a more detailed analysis, including Sophos’s own take on the vulnerability, in a technical advisory.

Of course, you should also read Microsoft’s own official advisory on their website and download the patch. (Did I mention that? Get patched.)

This is a very serious vulnerability – you are advised to patch any potentially affected systems as a matter of priority in case hackers decide to exploit it with a fast-spreading internet worm.

If you’re in any doubt about the importance of rolling out the patch – just remember that in the past, hackers have released attacks exploiting security vulnerabilities within hours of Microsoft publishing a fix. Cybercriminals have a window of opportunity to infect computers, and have shown themselves historically not to waste any time.

Finally, it’s less than ideal if the first you heard about this Microsoft security patch was on this blog. Every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at

PS. In case I forgot to say – roll out the patch. Thanks.