Microsoft issues security fixes, but warns of unpatched Word flaw

Vulnerabilities discovered in SQL Server, Exchange Server and Windows
Experts at Sophos have advised businesses to deploy Windows security patches after Microsoft issued a warning of security flaws in its software.

As part of its monthly "Patch Tuesday" schedule Microsoft has issued a number of bulletins about security vulnerabilities in its software. The list of affected software includes Microsoft SQL Server, Exchange and various versions of Windows.

Separately, however, Microsoft has issued a security advisory about an as yet unpatched vulnerability in Microsoft Office Word 2002 Service Pack 3, which could allow remote code execution. Microsoft acknowledges that it is possible that other versions of Word are also vulnerable.

"As internet criminals become more organized and financially-motivated it is more important than ever to ensure that your business is properly defended with the latest patches," said Graham Cluley, senior technology consultant at Sophos. "It will be interesting to see how quickly Microsoft can turnaround a fix to the possible flaw in Microsoft Word, which is reported to be being exploited in the wild by hackers."

Home users of Microsoft Windows can visit to have their systems scanned for Microsoft security vulnerabilities.

Sophos suggests that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at

How can Network Access Control help your business?
Network Access Control enables companies to control who and what is allowed onto their network; blocking unauthorized users, controlling guest access, and ensuring compliance with a business's security policy. By implementing NAC firms reduce the risk of unauthorized, guest, non-compliant, or infected systems compromising the network, ensuring that only correctly secured computers gain network access.

"NAC identifies managed, unmanaged and guest computers that do not comply with your security policy, and acts as a vital tool when dealing with newly reported security vulnerabilities such as these," explained Cluley. "It is possible to quickly assess, for instance, which computers are incorrectly patched or have their firewall disabled. You may then choose to automatically fix vulnerabilities before allowing the PCs to access your network, or simply block non-compliant computers."

Sophos continues to recommend companies protect their desktops and servers with automatically updated protection against viruses, spyware, hackers, and spam.

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK

Comments (0)

Add a Comment

This thread has been closed from taking new comments.

Editorial: +44 (0)1892 536363
Publisher: +44 (0)208 440 0372
Subscribe FREE to the weekly E-newsletter