Serious zero-day exploits emerge in all versions of IE and XP will not get a fix

After end of support for XP, hackers have now found the very first security bug that can put security of XP users at stake. It’s been just three weeks that Microsoft pulled support for its OS.

Microsoft recently announced that all versions of Internet Explorer, from IE6 to IE11, are at risk of drive-by-attacks from suspicious sites. Windows XP can run IE 6, 7 and 8 versions.

This newly found vulnerability of remote code execution, named as CVE-2014-1776, has the capability to give hackers similar user rights as the current user. It signifies that any attacker who is successful in running a PC as admin will have wide number of attacks open to them like; installing new malware on the system, adding new user accounts and altering or removing data stored on target PC. Majority of Windows users run PCs on admin accounts.

And if you till now wondered these attacks are theoretical, then think again, as a security firm has found out that the attacks are actively used in the wild. For the attack to work, a user will need to visit a malicious site trying to install the code. Microsoft meanwhile said that attacks can also trigger from sites that accept or host user-sent ads or content, where a cyber spy can insert a malicious code easily.

Microsoft still needs to decide that whether an emergency patch will be issued in the days to come or we will need to wait till May 13^th, the so-called patch Tuesday for getting repair for the versions supported of IE.

XP in the bitter

Whenever a patch is issued by Microsoft, a large number of Windows PC users do not receive the security update. Microsoft’s end of support for XP on April 8^th meant end of security updates for this aging OS. So, you can take this to be the first of post-support vulnerability, where XP users are left with no option but to find a way out, after this many such security glitches are sure to surface.

When last counted, Windows XP accounted for about 28% of PCs on a global scale, which is better than Windows 8, 8.1, Vista, OS X 10.9 and Linux users together.

Luckily this time, users of Windows XP can nullify this vulnerability by making use of a web browser except Internet Explorer. Since long, users of IE on XP are migrating to Mozilla Firefox or Google Chrome as a better and safer alternative, where both browsers are doing well.

Google, meanwhile, has promised that it will continue support for XP version of Google Chrome till April 2015 and Mozilla too has not yet made any announcement about end of support for Firefox on XP. It means if a vulnerability hits any of these two browsers on XP, then a security patch is available, unlike IE.

For users who must anyhow use IE, Microsoft has advised to download and install the Enhanced Mitigation Experience Toolkit (EMET) 4.1. This utility will help in protecting against any malware and is available for Windows XP PCs that have the service pack 3 installed.

You can also set IE to run in a more secured mode by opening Internet Options>Security, where you can set the slider to High option.

Saturday alert by Microsoft might be the trailer of a serious exploit already happening in the wild and which may put XP users at a permanent risk. It will not be the last one, as security experts commented. Last month, security company Avast said that Windows XP was six times more vulnerable than Windows 7 for attacks, and it was said even before the end of support for XP took place.

The author is a Browser support expert deals in providing Mozilla Firefox Support, Safari Support,

Google Chrome Support, Opera Support and Internet Explorer Support . Support can be availed at 1-888-753-5164 toll free.