Same here, I heard or read nothing about this until -X- posted about it. I don't do twitter/facebook so I guess I'm screwed for the future!
Anyway, on one of the links that -X- posted there is a link to this article dated April 28th Monday. It seems to be the same old thing ... being careful of strange links and e-mails and I suppose use another browser ... I was using IE8 only for monthly updates, so it sits dormant most of the time.
From the article: "It is unknown whether Microsoft will backtrack on its support withdrawal to fix the security hole in Internet Explorer on Windows XP."
Ditch Internet Explorer on XP, Security Experts Warn
More than half of all internet users are vulnerable to a serious security bug that means Windows XP is vulnerable to hackers.
Serious security vulnerability could allow hackers to take control of a Windows computer through Internet Explorer, from version IE6 onwards.
Security experts have urged Windows XP users to change browsers owing to a serious bug in Microsoft’s Internet Explorer that could threaten over half of all internet users.
The vulnerability is actively being exploited by hackers, Microsoft has warned, and every active version of Internet Explorer is at risk, including IE 6 to IE 11, Windows XP and Windows RT. The bug could allow hackers to gain access to and hijack a Windows computer, including personal data.
Microsoft warned that it was “aware of limited, targeted attacks” currently under way using the security hole in Internet Explorer, which is used by over 55% of internet users globally, according to the latest data from research firm Netmarketshare.
'Appropriate action to protect our customers'
Microsoft issued security advice over the weekend, saying it was investigating the flaw and will take “appropriate action to protect our customers”, including patching the security hole, originally found by security company FireEye.
The flaw affects users of Internet Explorer on multiple Windows software versions, including Windows Vista, 7 and the latest Windows 8. But the biggest threat is posed to the 13-year-old Windows XP, which Microsoft recently withdrew support for and is still used on an estimated 430m computers globally.
It is unknown whether Microsoft will backtrack on its support withdrawal to fix the security hole in Internet Explorer on Windows XP.
“Windows XP users shouldn’t panic, but should certainly be aware of the risk and if at all possible switch to an alternative browser,” Rik Ferguson, vice president of security research at Trend Micro, told the Guardian. “If you aren't going to be switching your operating system any time soon, it would be a good idea to make a permanent switch to another browser. That would make the web-facing portion of your browsing activities one that will be actively updated.”
Warnings over an “XPocalypse”, where a flood of security holes were expected once Microsoft’s security support of Windows XP stopped on 8 April, seem to have been overblown but the risk of using a system that is not updated is still real.
“The fact that we’re seeing a vulnerability that affects Windows XP this soon after support has ended indicates that we’re going to see a trickle of security flaws instead, but a strong trickle at that. Criminals and nation states may well have a stock pile of these bugs but they are very unlikely to unleash them in one go,” Ferguson said.
Take complete control
Microsoft’s security note explained that hackers looking to take advantage of the bug to take complete control of a user’s computer via Internet Explorer would require users to view a “specially crafted website”.
Microsoft advised users to be careful about clicking on suspicious links that could take them to the hacker’s site when browsing, emailing or chatting via instant messenger. The company also explained a series of work arounds that could help protect users, which include installing a Microsoft tool kit that enhances the security of Internet Explorer.
“We encourage customers to follow the suggested mitigations outlined in the security advisory while an update is finalised,” a Microsoft spokesperson told the Guardian.
Edited by monroe, 29 April 2014 - 03:23 AM.