Microsoft Races To Fix Massive Internet Explorer Hack: No Fix For Windows XP Leaves 1 In 4 PCs Exposed

This article is more than 9 years old.

Microsoft is scrambling to fix a major bug which allows hackers to exploit flaws in Internet Explorer 6, 7, 8, 9, 10 and 11, which together account for 55% of the PC browser market. The company has also confirmed it will not issue a fix for web browsers running on Windows XP after it formally ended support for the 13-year-old operating system on 8 April. XP still accounts for 25% of the world’s PCs.

The vulnerability was discovered by cyber security software maker FireEye Inc., which stated the flaw is a ‘zero-day’ threat. This means the first attacks were made on the vulnerability before Microsoft was aware of it. FireEye also revealed a sophisticated hacker group has already been exploiting the flaw in a campaign dubbed ‘Operation Clandestine Fox’, which targets US military and financial institutions.

FireEye spokesman Vitor De Souza declined to name the hackers or potential victims as the investigation is ongoing, only telling Reuters: "It's unclear what the motives of this attack group are at this point. It appears to be broad-spectrum intel gathering."

For its part Microsoft has confirmed the existence of the flaw in an official post. It gave limited information on the bug, but admitted “an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

A Temporary Fix

While Microsoft rushes to fix the bug, FireEye gave concerned users two workarounds.

1. Use a web browser other than Internet Explorer

2. Disable Adobe Flash. “The attack will not work without Adobe Flash,” it said. “Disabling the Flash plugin within IE will prevent the exploit from functioning.”

No Hope For Windows XP

While informed users should therefore be able to avoid attack until Microsoft issues a fix, Windows XP users have no light on the horizon.

Microsoft has confirmed that no fix will be rolled out for Windows XP because support has officially ended and there are no plans to make an exception. It states:

“An unsupported version of Windows will no longer receive software updates from Windows Update. These include security updates that can help protect your PC from harmful viruses, spyware, and other malicious software, which can steal your personal information.”

The company’s advice to Windows XP users has remained the same for some time: upgrade to Windows 7 or 8 or buy a new PC. It has also repeatedly sent a pop-up dialog box to reachable Windows XP machines with the following end of support notification.

For users unsure whether their existing PCs can support Windows 8, Microsoft offers a software tool called ‘Windows Upgrade Assistant’ which can be downloaded here.

Given the seriousness of the exploit and close proximity to Windows XP’s support cut-off date, critics will say Microsoft should issue one last fix. Defenders will point to the age of Windows XP, note that every OS has a lifespan, and argue that users have received sufficient warnings.

Either way the stark reality of still running Windows XP just struck home for owners of one-in-four PCs worldwide.

Update: 1 May 2014: In a highly unusual step Microsoft has today confirmed it will issue a patch for affected Windows XP users. “We’ve decided to provide an update for all versions of Windows XP (including embedded), today,” said Microsoft’s Adrienne Hall in an official TechNet blog post. “We made this exception based on the proximity to the end of support for Windows XP.”

The update will be applied automatically, but can also be triggered manually by clicking the “Check for Updates” button on the Windows Update section of the Control Panel.

Despite the fix, Hall again stressed XP users must update. "Just because this update is out now doesn’t mean you should stop thinking about getting off Windows XP and moving to a newer version of Windows and the latest version of Internet Explorer," she said.

Given Microsoft is unlikely to make another exception in future I wholeheartedly agree. The problem, as commendable as the decision may seem, is ultimately it's an act of utter stupidity...
