First Major Vulnerability in the Post-XP Support Era

Sue Marquette Poremba

My original plan for today was to focus on some of the more interesting tidbits to come from Verizon’s 2014 Data Breach Investigations Report, but you know the old saying about making plans. The security writer’s modification of that saying is “plan to write about last week’s news and the hackers will get busy with something new.”

That something new is the flaw in Internet Explorer that is affecting every single version of IE and is bad enough that experts across the board are warning people to use another browser until the flaw is fixed.

So if you are reading this on IE, please go to another browser and read my blog safely!


According to Ross Barrett, senior manager of Security Engineering at Rapid7, this is another zero-day exploit. He explained in a blog post:

The known exploit for this issue relies on Adobe Flash to be present and enabled. Disabling or removing Flash will block the known exploit, but does not address the root cause issue in Internet Explorer.

Microsoft has issued an advisory, but as of this writing, there is no patch. If you look at the advisory, you’ll note that Windows XP isn’t listed among the operating systems and browser versions that are affected. It’s not because XP doesn’t have a problem; instead, it is because Microsoft no longer recognizes XP. This is the first widespread vulnerability since Microsoft ended XP support earlier in April.

However, as Bloomberg Businessweek pointed out, you can still use XP and avoid this zero-day exploit:

There are other things that could protect XP users from attacks. The vulnerability exists in a Web browser, which means that it can only be exploited if victims use that browser to visit a website designed to attack them. “An attacker would have no way to force users to visit these websites,” wrote Microsoft in a security advisory. “Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message.”

Most security experts I’ve heard from expect the vulnerability to be patched on Patch Tuesday in mid-May. It may not be until then that we see how this and any other new vulnerabilities uncovered will affect the security of Windows XP users.




Apr 30, 2014 1:43 AM jon doe says:
Win7, IE 10. I did a quick look through the Start programs and I didn't see AD by itself so I could disable it. I searched via Start's box, and didn't find it. How to disable AF?

May 1, 2014 6:09 PM mrsmith says: in response to jon doe
Under Tools in IE -- Manage-Add-ons
