Sophos Antivirus vulnerable

Apr 29, 2008 21:31 GMT

Sophos Antivirus, an important security application currently installed on a large number of computers, needs to be patched as soon as possible due to a vulnerability found in it, according to several reports. At this time, the parent company is working on a fix, so an update should be released soon. Security company Secunia wrote that the vulnerability could be exploited to cause a denial of service. Only Sophos Antivirus 7.x is affected, according to Secunia. Although the flaw was rated as not critical, Sophos advises users to apply the patch as soon as it is released.

The parent company has already confirmed the flaw and stated that it affects only the Windows 2000, Windows XP and Windows Vista operating systems; no other platforms are vulnerable. "The vulnerability can only be exploited if you have 'Block suspicious behavior' detection enabled in Sophos Anti-Virus, and if basic security precautions are not adhered to. It is not possible to remotely execute code through this vulnerability," the company explained.

At this time, there is no report of a successful attack relying on the Sophos Antivirus vulnerability, but even so, users are advised to allow only trusted ActiveX controls and Java applets to run. "End-users should follow standard security precautions and only allow such components to run if they trust the website they are using," Sophos wrote.

Unfortunately, Sophos has not provided a release date for the patch, so extra care is recommended until the fix becomes available. "There is no committed date for a fix as yet, and Sophos will look to release the fix at the same time as a reboot is required to benefit from additional functionality."
