Total Pageviews

Monday, April 28, 2014

First security flaw Microsoft won’t fix in Windows XP has been found

First security flaw Microsoft won’t fix in Windows XP has been found


Windows XP users, you can’t say you weren’t warned.

As Microsoft’s creaky and obsolete operating system neared the end of its support life, the company warned that security flaws found after the April 8 deadline would not be patched. Now, a vulnerability has been discovered in all versions of Internet Explorer – including those that work on WinXP.

Though there’s no fix at the moment for any version of Windows, there soon will be – except for XP.

The flaw affects IE 6 through 11. Versions 6-8 work on Windows XP, but like XP, those versions of Microsoft’s browser no longer get security updates. That means, if you are using IE on XP, you’re vulnerable, with no hope in sight.

The obvious workaround is, of course, to use a browser other than Internet Explorer. That’s fine for consumers, but too many businesses still use XP and browser-based apps designed specifically for IE. Those companies that have been slow to dump XP are particularly at risk.

Microsoft has some advanced tweaks you can make to IE if you must use it at the bottom of its security bulletin.

An active exploit has been spotted that takes advantage of this flaw, but for now XP users get a reprieve. The exploit only targets IE 9-11, so versions that work on XP aren’t part of the current attack, according to a post at Network World. That could change at any time – since those PCs will never be patched, they’re low-hanging fruit for cyberscum.

You can find technical details about the flaw at the blog for FireEye, the security firm that spotted the exploit. Generally, the bug allows code to be run inside the browser, and can be exploited by evildoers luring users to a poisoned website.
From the FireEye post:
Threat actors are actively using this exploit in an ongoing campaign which we have named “Operation Clandestine Fox.” However, for many reasons, we will not provide campaign details. But we believe this is a significant zero day as the vulnerable versions represent about a quarter of the total browser market. We recommend applying a patch once available.
Again, your best protection at the moment is to use a browser other than IE. And if you’re running XP – stop and upgrade to a more modern, secure version of Windows.



Visit my Food Blog at http://southerncookingwithtodd.blogspot.com/

No comments:

Post a Comment