Jump to content

Categories:    Windows      Software      Hardware      Security      Mobile      Internet      Guides
Sponsored Links
Recent Forum Topics
Community Zone
MSFN Guides
Mobile News

MSFN Recommend
AskVG.com Bink Filehorse FreewareFiles Where unprofessional journalism looks better OSNN The Windows Club WinBeta lunarsoft
MSFN Statistics

Windows News
Internet Explorer Exploit Leaves XP Users High and Dry
Posted on Apr 29 2014 03:45 AM by xper in Software

Even when a fix is developed for the latest IE threat, Windows XP users won't get it. That's a good reason for them to upgrade their OS. A new vulnerability reported by Microsoft that allows an attacker to install malware and then execute it while bypassing the user's security is the best reason yet to move away from Windows XP if you're still among the millions of users who haven't moved to something newer. But the remote code execution vulnerability affects every version of Windows, and every version of Internet Explorer from version 6 through version 11.
This vulnerability, which can be triggered by visiting an infected Website or opening an HTML email, is so serious that the U.S. Department of Homeland Security's US-CERT (Computer Emergency Readiness Team) is recommending that you stop using IE entirely until Microsoft is able to fix the problem.

This means that not only should you not browse the Internet using IE, but you should change your default settings so that clicking on a link doesn't open it and change your email settings so that HTML messages use a different browser.
According to security researchers at FireEye, who found the vulnerability originally, it uses a previously known flash exploitation technique to allow code execution in portions of memory normally reserved for data. While the technique was known, the particular exploit method was not known until it was being employed to install malware.
Fortunately, Microsoft has a workaround that is available for enterprise users—the Enhanced Mitigation Experience Toolkit, which is available for download.
While the EMET will work with Windows XP, it does not provide a complete solution. With XP, the only real solution is to avoid running Internet Explorer. You should also set your security zone settings to "high." This will block ActiveX and Active Scripting, which in turn means that some Websites won't work properly.

More @ eWeek

Your Comment?