Four MS patches 'critical`

Four of the six bulletins issued by Microsoft this week were described as 'critical`, says Brett Myroff, CEO of Sophos distributor, Netxactics.

The monthly Patch Tuesday schedule highlighted a number of different security vulnerabilities Microsoft software, including Internet Explorer, Outlook Express, Windows Mail and Microsoft Word, he adds.

"The vulnerabilities cover a number of different versions of the Windows operating system, including Vista. Organisations are advised to roll-out the patches as a matter of urgency, as hackers could access data on a vulnerable PC or run malicious code such as a worm."

This week also saw the Troj/Jenny-A Trojan emerging, affecting the Windows operating system. Once installed, it allows a hacker to access a computer, drop more malware, download code from the Internet and install itself in the registry.

"Troj/Jenny-A runs continuously in the background, providing a backdoor server that allows a remote intruder to gain access and control over the computer via IRC channels," explains Myroff.

The Troj/Tibs-TK Trojan has also been noted and is affecting Windows users. Others this week include Troj/DwnLdr-GYF and Troj/AntiHIP-A.

"While both are affecting the Windows platform, Troj/DwnLdr-GYF includes functionality to download, install and run new software. It also reduces system security and installs itself in the registry," says Myroff.

Troj/AntiHIP-A also reduces system security and can turn off the anti-virus application, attempting to bypass anti-virus security methods.

In addition, theW32/Sdbot-DIB network worm has been noted and is spreading via network shares. It affects Windows users and has IRC backdoor functionality. Its aliases include Win32/IRCBot.YW, a destructive program named W32/Trojan.BUPP and Backdoor.Win32.SdBot.blt.

"Having the latest security patches in place is a must for businesses and home users alike, or you run the risk of being the victim of a hacker attack," Myroff says, "particularly in light of the latest Microsoft vulnerabilities.

"Network access control can go a step further to help organisations enforce security policies, ensuring any non-compliant device is locked down and unable to jeopardise the network," he adds.

Home users of Microsoft Windows can visit update.microsoft.com to have their systems scanned for Microsoft security vulnerabilities.

IT managers responsible for security should also consider subscribing to vulnerability mailing lists such as that operated by Microsoft.