Businesses should urgently check their systems for up to 15 critical security vulnerabilities which could enable hackers to access their networks. 

The vulnerabilities are among 600 new software defects discovered over the past three months in a wide range of operating systems and widely-used applications. 


US security research body the Sans Institute, which released details of the vulnerabilities yesterday, advised businesses to fix the 15 most critical problems immediately. "These vulnerabilities are widespread and many of them are being exploited right now," said Alan Paller, director of research at the Sans Institute. "Too many people are unaware of these vulnerabilities, or mistakenly believe their computers are protected."

Although the vulnerabilities have been publicised over recent weeks, even the most security-conscious businesses have failed to remedy between 30% and 70% of the problems, research by vulnerability management specialist Qualys revealed.

Organisations that have automatic Microsoft and anti-virus updates turned on will have been protected against some of the critical vulnerabilities, but most organisations still have a lot of work to do, said Gerhard Eschelbeck, chief technology officer at Qualys. 

The critical vulnerabilities published in a "red flag" list yesterday cover a wide range of applications and systems, including Microsoft Internet Explorer, Windows XP Service Packs, and Oracle Applications Server 9i and 10g. The list also covers music and video playing software, such as RealPlayer, iTunes and Winamp, applications that are often overlooked by IT departments as a source of risk.

Article sourced from: Computer Weekly, 3rd May 2005