Sophos Anti-Virus Vulnerabilities

A recent report by a security researcher has described multiple vulnerabilities that have been identified in Sophos Anti-Virus products, prompting Sophos to issue a security advisory. Sophos has reported that some of the vulnerabilities identified in the report have now been patched and that additional patches will be rolled-out to address the remaining vulnerabilities from November 28th 2012.

The NCSC advises that users of Sophos AV products follow best practice and ensure systems are fully patched and kept up to date, while applying appropriate security controls to mitigate these vulnerabilities. Links to the initial vulnerability report and Sophos’ security advisory are provided below.

- Sophos Vulnerabilities Report - Sophos Security Advisory

Any queries regarding either of these issues should be directed to the NCSC.