Microsoft warns of SSL attacks

Microsoft is urging customers to immediately install a recent software patch for Secure Socket Layer vulnerabilities in Windows because hackers are preparing to exploit the flaws.

The patch, MS04-011, was made available on 13 April and is rated 'critical' by Microsoft. It patches 14 separate vulnerabilities, chiefly bugs in the SSL of all Windows systems.

"There is an increased threat potential," said Stuart Okin, chief security officer at Microsoft UK.

"Essentially we are seeing increased activity among the hacking community. Exploit code is out there and various sources are talking about bringing out exploit tools. We recommend customers to deploy the patches immediately."

The timing is also an indication of how much faster hackers are reverse engineering exploits from patches.

"The timing of reverse engineered exploits has come down from months and weeks to days, or hours in some cases," said Graham Titterington, principal analyst at Ovum.

"Hackers are getting increasingly adept at using patches for exploits. IT managers will need to patch quickly but carefully."

The patch is available from Microsoft here.