Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Microsoft Issues Fix for Bofra Worm Vulnerability, Sophos Reports

  • 03 December, 2004 09:38

<p>Experts at Sophos have advised companies and home users to ensure they are protected against a security hole found in Microsoft Internet Explorer, which has already been exploited by an internet worm.</p>
<p>The vulnerability – known variously as the Internet Explorer Elements flaw, the IFRAME vulnerability, or the Bofra exploit – has been rated as ‘critical’, Microsoft's highest severity level, and can leave the popular Internet Explorer web browser open to attack.</p>
<p>In early November, the Bofra worm exploited the vulnerability. There were also reports of some website banner ads directing users to websites which contained malicious code using the vulnerability.</p>
<p>"This security patch is particularly important, because we already know that virus writers and hackers have exploited this flaw to try and compromise innocent people's computers," said Graham Cluley, senior technology consultant for Sophos. "All companies using Microsoft software need to get into the habit of regularly applying security patches, or they will be leaving themselves open to attack."</p>
<p>Microsoft has posted details of the vulnerability and made available an update which is reported to fix the issue on its website.</p>
<p>"Home users are particularly open to attack, because they have often not downloaded the latest security patches from Microsoft, and may not be running a personal firewall," continued Cluley. "All computer users should ensure their systems are properly protected."</p>
<p>Home users of Microsoft Windows can visit to have their systems scanned for critical Microsoft security vulnerabilities.</p>
<p>Sophos recommends that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at</p>
<p>Sophos continues to recommend computer users practise safe computing as well as running up-to-date anti-virus software.</p>
Paul Ducklin ( is available for comment:
+61 2 9409 9100 (tel)
+61 2 407 320 515 (mob)
+61 2 9409 9191 (fax)</p>
<p>Sophos's press contact at Gotley Nix Evans is:
Michael Henderson (
+61 2 9957 5555 (tel)
+61 413 054 738 (mobile)
+61 2 9957 5575 (fax)</p>

Most Popular