Internet Explorer Vulnerability: First Zero Day for Windows XP

Last week I wrote about the case of XP and how we haven’t yet seen any major vulnerabilities come to the fore since its very last patch update on the 8th April.

However, it was never going to be a case of ‘if’. It was only ‘when’.  And when is now.

Cyber criminals were said to be simply biding their time so they can reverse engineer new patches to expose vulnerabilities within XP (see my previous blog for more details on this). But I’m not sure anyone could have predicted the first vulnerability would come so soon before the next patch update for newer operating systems (13th May), or on such a massive scale.

Described by our security partner Sophos as a ‘security advisory of the heart dropping sort’, Microsoft have announced a massive vulnerability found in Internet Explorer, which affects versions 6 right through to 11.

There are more details about the vulnerability on Sophos’ Naked Security blog, which describes it as an ‘in the wild’ exploit that can cause RCE (remote code execution).

This means that if hackers can trick you into clicking on a special website that they have created, they can then launch malicious code onto your computer or take control of your user settings, outside of your own network. If successful, this could give the hackers the same access rights to your data as you currently have.

The initial vulnerability was discovered by cyber security software maker FireEye which identified it as a ‘zero day’ threat (when hackers exploit previously unknown vulnerabilities). ‘Zero Day’ are two words which Windows XP users should get to know very well.

Microsoft haven’t said yet whether they are going to issue a patch to fix this vulnerability in the next scheduled Patch Tuesday in May, or if they will endeavour to put out a one-off fix. But one thing’s for sure – Windows XP users are out there on their own. There will never be a security fix for this issue for them. **UPDATE – see comments section below**

There are a number of things you can do to try and protect yourself – the obvious one being to stop using Internet Explorer and use another browser such as Chrome or Firefox. That’s what CERT (Computer Emergency Response Teams) in the US, UK and Sweden are advising (this vulnerability is so significant governments have become involved).

Microsoft have also recommended a few workarounds, which you can see in the ‘Suggested Actions’ section of their official blog post on the subject.

For those running Windows Vista, Windows 7, Windows 8 and Windows 8.1, I think it’s likely that Microsoft will release an out-of-cycle update to fix the issue before the next patch update. Until then, try and be as rigorous as possible in not clicking on any suspicious links or attachments.

For TSG SystemCare customers, as soon as the rumoured update comes out, as always we will instantly check it thoroughly and release it through SystemCare.