New vulnerability endangers Internet Explorer users
04/29/2014 1 Comment
By: Doug Zbikowski
UPDATE (May 1, 2014, 1:30pm ET): Microsoft has released an emergency patch for the Internet Explorer vulnerability. In a surprise move, they also released an update for Windows XP! Head over to Windows Update to get it.
A new bug has been discovered that could put Internet Explorer users at serious risk. Until the problem is fixed security experts are calling on users to switch to an alternative browser such as Google Chrome or Mozilla Firefox. In a rare move, the US Government is advising to users to switch to another browser until Internet Explorer is fixed.
On April 26th, 2014, Microsoft announced that all versions of Internet Explorer are at risk for “drive-by” attacks from malicious websites. This new vulnerability, dubbed CVE-2014-1776, has the potential to give hackers direct access to your computer, allowing infected web sites to install malicious applications, create new Windows accounts, and change or delete data stored on the computer. Disturbingly, these attacks have actually been observed in the wild by Internet security firm FireEye, who started observing this type of attack as early as February. Microsoft says attacks seem to be coming from websites that feature advertisement feeds or user-provided content where an attacker could insert malicious code. At this time it is unknown whether Microsoft will release an emergency patch or wait until patch Tuesday on May 13th to fix the vulnerability.
No Fix for XP
While you can rest assured that Microsoft will be releasing a patch quickly, a significant number of Windows users will not be fixed. Microsoft officially ended support for Windows XP on April 8th, 2014, and the aging OS will no longer receive security updates as a result. Over 1 in 4 computers are still running Windows XP, so the only alternative for these computers would be to use an alternative web browser. Google has promised Chrome support for Windows XP until April 2015, while Mozilla has yet to announce an end-of-support date. If a security flaw hits either of these browsers it will be fixed, unlike Internet Explorer.
Microsoft’s Saturday alert may be the first example of a serious exploit that puts Windows XP users permanently at risk. In March, antivirus manufacturer Avast reported Windows XP was already under attack six times more often than Windows 7 . Security advisers are issuing strong recommendations that Windows XP computers be replaced as soon as possible.
- Use an alternate web browser until Microsoft releases a fix for Internet Explorer.
- Windows XP users should switch to a more modern PC or tablet.
- Keep checking Windows Update for security updates.
Also Read: Microsoft kills Windows XP – so now what?