Barely a month after Microsoft ended support for Windows XP, a critical security bug affecting the operating system, which still runs on more than 300 million computers worldwide, has been spotted.
Cybersecurity firm FireEye first reported the vulnerability, which affects multiple Internet Explorer versions (IE6 through IE11). As of now, the flaw remains unpatched. Users of IE9, IE10 and IE11 on Windows Vista and Windows 7 can expect a fix. Windows XP users, however, will not receive a fix for the versions of Internet Explorer running on that system; Microsoft gave ample warning of this before XP's retirement on April 8.
What are the risks?
Attackers could lure unsuspecting users into clicking a link, typically delivered by email, that leads to a website hosting a "drive-by" exploit: simply rendering the page is enough to take over the browser and, through it, the computer. No download or further interaction by the user is required.
Once the victim's browser loads the malicious page, the attacker can remotely execute code to install malware and steal sensitive data. That code runs with the rights of the logged-in user; in the worst case, when that user has administrative rights, the attacker gains full control of the machine and can change its security settings. Browsing from a standard (non-administrator) account limits the damage.
This is the first security flaw to hit Windows XP since the system became a walking dead on April 8, and more vulnerabilities can be expected to follow.
It is particularly alarming that the bug is classed as a zero-day, meaning it was being exploited in the wild before Microsoft had a fix available, at a time when more than 55 percent of Internet users browse with IE, according to research firm NetMarketShare.
How to mitigate the risks
Windows XP users in particular, who are not expected to receive a patch, are advised to install the Enhanced Mitigation Experience Toolkit (EMET) 4.1, available from Microsoft's website, to make the flaw harder to exploit. EMET does not fix the bug; it applies exploit mitigations such as DEP, ASLR enforcement and ROP checks to the IE process so that the known exploit fails.
Since the bug affects only Internet Explorer, users should also consider switching to another browser such as Chrome, Firefox or Safari to avoid this risk, bearing in mind that a different browser does nothing for the other XP components that will no longer be patched.
Users can also protect themselves by enabling Enhanced Protected Mode (available in IE10 and IE11 only, so not on Windows XP) and by setting both the Internet and the Local intranet security zones to "High", which blocks ActiveX controls and Active Scripting from running.
FireEye also recommends disabling Adobe Flash Player in IE. The exploit FireEye observed uses Flash to prepare the browser's memory before triggering the bug, so removing Flash defeats that specific exploit, but it does not remove the underlying vulnerability.
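The zone, Enhanced Protected Mode and Flash workarounds above are all registry settings, so they can be applied and checked from a script. The following is an added example, not code from the original article, from Microsoft or from FireEye. It assumes PowerShell 2.0 or later, IE8 to IE11, and an elevated prompt for the kill-bit write under HKLM; the registry paths, value names and the Flash control CLSID are the standard IE ones, and the function names are this example's own.

```powershell
# Added example (not from the article, Microsoft or FireEye): applies the
# workarounds described above by writing the registry values IE reads,
# then reports what is in place. EPM exists only in IE10/11, so that step
# is skipped on older builds, including every IE build on Windows XP.

$ZonesKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$IeMainKey  = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$IeVerKey   = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer'
# CLSID of the Shockwave Flash ActiveX control; its kill bit lives under HKLM
$FlashClsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}'
$KillBitKey = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$FlashClsid"

$LevelHigh  = 0x12000   # CurrentLevel value that puts the zone slider on "High"
$Disable    = 3         # per-action policy value: 0 = enable, 1 = prompt, 3 = disable

function Set-IeZoneHigh {
    param([int]$Zone)   # 1 = Local intranet, 3 = Internet
    $path = "$ZonesKey\$Zone"
    Set-ItemProperty -Path $path -Name 'CurrentLevel' -Value $LevelHigh -Type DWord
    # The slider value is only a label; the per-action policies are what IE enforces.
    # 1200 = run ActiveX controls and plug-ins, 1400 = Active Scripting.
    Set-ItemProperty -Path $path -Name '1200' -Value $Disable -Type DWord
    Set-ItemProperty -Path $path -Name '1400' -Value $Disable -Type DWord
}

function Enable-IeEpm {
    # svcVersion is only written by IE10 and later; older builds have no EPM
    $ver = (Get-ItemProperty -Path $IeVerKey -ErrorAction SilentlyContinue).svcVersion
    if (-not $ver -or [version]$ver -lt [version]'10.0') {
        Write-Warning 'This IE build has no Enhanced Protected Mode; skipping'
        return $false
    }
    # Isolation = PMEM turns EPM on (PMIL turns it off)
    Set-ItemProperty -Path $IeMainKey -Name 'Isolation' -Value 'PMEM' -Type String
    # On 64-bit Windows this also runs tab processes as 64-bit, which strengthens ASLR
    Set-ItemProperty -Path $IeMainKey -Name 'Isolation64Bit' -Value 1 -Type DWord
    return $true
}

function Set-FlashKillBit {
    # Compatibility Flags 0x400 is the ActiveX kill bit: IE refuses to load the control
    if (-not (Test-Path $KillBitKey)) { New-Item -Path $KillBitKey -Force | Out-Null }
    Set-ItemProperty -Path $KillBitKey -Name 'Compatibility Flags' -Value 0x400 -Type DWord
}

function Test-IeMitigations {
    # Read the settings back rather than trusting the writes succeeded
    $state = @{}
    foreach ($zone in 1, 3) {
        $p = Get-ItemProperty -Path "$ZonesKey\$zone" -ErrorAction SilentlyContinue
        $state["Zone${zone}-High"] = ($p.'1200' -eq $Disable -and $p.'1400' -eq $Disable)
    }
    $iso = (Get-ItemProperty -Path $IeMainKey -ErrorAction SilentlyContinue).Isolation
    $state['EPM'] = ($iso -eq 'PMEM')
    $flags = (Get-ItemProperty -Path $KillBitKey -ErrorAction SilentlyContinue).'Compatibility Flags'
    $state['FlashKillBit'] = (($flags -band 0x400) -ne 0)
    return $state
}

Set-IeZoneHigh -Zone 3
Set-IeZoneHigh -Zone 1
Enable-IeEpm | Out-Null
Set-FlashKillBit
Test-IeMitigations | Format-Table -AutoSize
```

Setting the Internet zone to High will break scripting on most ordinary websites, which is the point of the workaround; sites that must keep working can be added to the Trusted sites zone (zone 2) instead of lowering the Internet zone again. The kill bit disables the Flash control for every IE user on the machine, and Group Policy can override the per-user zone values written here, so re-run Test-IeMitigations after a policy refresh.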
Although Microsoft has said it will not patch the Windows XP versions of IE, some are hoping the software giant will relax that decision if, as seems likely, the number of attacks rises sharply.