Windows XP is permanently vulnerable to the newest Internet Explorer zero-day flaw

Update 4/30/14 9:04 a.m. ET: Microsoft says that there’s a way to avoid falling victim to the latest zero-day vulnerability if you use Internet Explorer 10 or Internet Explorer 11 on x64-based systems.  On their Technet blog, Redmond advises that by turning on Enhanced Protected mode in IE 10, or Enhanced Protected Mode and 64-bit Processes for Enhanced Protected Mode in IE 11, doing so “will help protect users of Internet Explorer 10 on Windows 7 for x64-based systems, Windows 8 for x64-based systems, and Windows RT, and Internet Explorer 11 on Windows 7 for x64-based systems, Windows 8.1 for x64-based systems, and Windows RT 8.1.”

Follow the steps below to turn on Enhanced Protected Mode in Internet Explorer 10 and Internet Explorer 11, which are courtesy of Microsoft. Keep in mind that in the Modern/Metro version of Internet Explorer for Windows 8/8.1, Enhanced Protected Mode is automatically enabled.

  1. Click on the gear button in the upper right corner of Internet Explorer, then click Internet Options.
  2. Click on the Advanced tab in the new window that appears.
  3. If you’re running IE 10, scroll find Enable Enhanced Protected Mode, and click the check box next to it to turn it on.
  4. If you’re running IE 11, scroll to find Enable Enhanced Protected Mode, and Enable 64-bit processes for Enhanced Protected Mode (for 64-bit systems). Click the check boxes next to both options to turn them on.
  5. Click OK.
  6. Restart your computer.

There are several other methods you can employ to side step the flaw. Feel free to check them out on Microsoft’s official security advisory post here. Scroll down to the section entitled “Workarounds” to find them, but note that some of them require a bit more technical know-how than others, so we urge you to proceed with caution.

Original Story

If you’re still using Windows XP, you do realize that Microsoft stopped supporting the operating system earlier this month, right?

You see, the computer giant has just said it’s been alerted to a serious security flaw in versions 6 through 11 of its Internet Explorer Web browser. The good news is it’s promising to roll out a fix for users soon; but the bad news is if you’re still using XP, you’ll get no fix, leaving your machine vulnerable to attack.

According to Microsoft, the discovered flaw could allow a hacker to “gain the same user rights as the current user.” That’s right, they could potentially access your computer and operate it remotely.

On a dedicated webpage giving more information about the flaw, the company explained: “An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

The Redmond-based company added, “On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.”

But just to be clear, this won’t cover XP users, so if you’re still using the aging OS – and it’s estimated that around 20 percent of PCs continue to run it – you really should think about ditching it once and for all to shore up the security of your machine. In fact, the computer company told Reuters Sunday that Windows XP users should upgrade to one of two most recent versions of its operating system – Windows 7 or 8 – without delay.

Security firm FireEye claims to have uncovered the vulnerability, stating that most of the recorded attacks are targeting Internet Explorer versions 9 through 11.

Considering the seriousness of the flaw, we expect that affected users won’t have to wait too long for Microsoft to roll out an update. Until this happens, the company is offering up a few short-term solutions – detailed toward the end of its advisory page – or you could simply switch to another browser such as Firefox or Chrome, though of course these, too, have their own issues when it comes to matters of security.

 [Image: Maksim Kabakou / Shutterstock]

Get our Top Stories delivered to your inbox: