Windows XP is permanently vulnerable to the newest Internet Explorer zero-day flaw

Update 4/30/14 9:04 a.m. ET: Microsoft says that there’s a way to avoid falling victim to the latest zero-day vulnerability if you use Internet Explorer 10 or Internet Explorer 11 on x64-based systems. On its TechNet blog, Redmond advises that turning on Enhanced Protected Mode in IE 10, or Enhanced Protected Mode and 64-bit Processes for Enhanced Protected Mode in IE 11, “will help protect users of Internet Explorer 10 on Windows 7 for x64-based systems, Windows 8 for x64-based systems, and Windows RT, and Internet Explorer 11 on Windows 7 for x64-based systems, Windows 8.1 for x64-based systems, and Windows RT 8.1.”

Follow the steps below, courtesy of Microsoft, to turn on Enhanced Protected Mode in Internet Explorer 10 and Internet Explorer 11. Keep in mind that in the Modern/Metro version of Internet Explorer for Windows 8/8.1, Enhanced Protected Mode is automatically enabled.

  1. Click on the gear button in the upper right corner of Internet Explorer, then click Internet Options.
  2. Click on the Advanced tab in the new window that appears.
  3. If you’re running IE 10, scroll to find Enable Enhanced Protected Mode, and click the check box next to it to turn it on.
  4. If you’re running IE 11, scroll to find Enable Enhanced Protected Mode, and Enable 64-bit processes for Enhanced Protected Mode (for 64-bit systems). Click the check boxes next to both options to turn them on.
  5. Click OK.
  6. Restart your computer.
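
To confirm the settings took effect, or to check many machines without opening the dialog on each, the added PowerShell example below (not from Microsoft or the original article) reads the values back and reports whether the workaround is active for the installed IE version. It assumes the two check boxes are stored as the registry values `Isolation` (set to `PMEM`) and `Isolation64Bit` (set to 1) under the Internet Explorer `Main` key, with Group Policy copies taking precedence; verify those names on your build before relying on the result.

```powershell
# Added example: read-only audit of the two Advanced-tab settings described above.
# Assumed registry names (verify on your build): "Isolation" = "PMEM", "Isolation64Bit" = 1.
$sources = @(
    @{ Name = 'Machine policy';  Path = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Main' },
    @{ Name = 'User policy';     Path = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Main' },
    @{ Name = 'User preference'; Path = 'HKCU:\Software\Microsoft\Internet Explorer\Main' }
)

# Return the first source (highest precedence first) that defines the value.
function Resolve-IESetting([string]$ValueName) {
    foreach ($s in $sources) {
        $key = Get-ItemProperty -Path $s.Path -ErrorAction SilentlyContinue
        if ($key -and $null -ne $key.$ValueName) {
            return @{ Value = $key.$ValueName; Source = $s.Name }
        }
    }
    return @{ Value = $null; Source = 'not set' }
}

function Get-IEMajorVersion {
    $ie = Get-ItemProperty 'HKLM:\Software\Microsoft\Internet Explorer' -ErrorAction SilentlyContinue
    # IE 10 and 11 keep "Version" at 9.x for compatibility; "svcVersion" holds the real one.
    $v = if ($ie.svcVersion) { $ie.svcVersion } else { $ie.Version }
    if ($v) { [int](($v -split '\.')[0]) } else { 0 }
}

$major = Get-IEMajorVersion
$is64  = (Get-WmiObject Win32_OperatingSystem).OSArchitecture -like '64*'
$epm   = Resolve-IESetting 'Isolation'
$epm64 = Resolve-IESetting 'Isolation64Bit'
$epmOn = ($epm.Value -eq 'PMEM')
$x64On = ($epm64.Value -eq 1)

# IE 10 needs EPM; IE 11 needs EPM plus 64-bit processes (per the steps above).
$ok = switch ($major) {
    10      { $is64 -and $epmOn }
    11      { $is64 -and $epmOn -and $x64On }
    default { $false }   # Enhanced Protected Mode is not available before IE 10
}

"IE major version : $major (64-bit OS: $is64)"
"EPM              : $epmOn (source: $($epm.Source))"
"EPM 64-bit       : $x64On (source: $($epm64.Source))"
"Workaround active: $ok"
```

The script only reads the desktop browser's per-user and policy settings for the account that runs it, so run it as each user whose profile you want to check.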

There are several other methods you can employ to sidestep the flaw. Feel free to check them out on Microsoft’s official security advisory post here. Scroll down to the section entitled “Workarounds” to find them, but note that some of them require a bit more technical know-how than others, so we urge you to proceed with caution.

Original Story

If you’re still using Windows XP, you do realize that Microsoft stopped supporting the operating system earlier this month, right?

You see, the computer giant has just said it’s been alerted to a serious security flaw in versions 6 through 11 of its Internet Explorer Web browser. The good news is it’s promising to roll out a fix for users soon; but the bad news is if you’re still using XP, you’ll get no fix, leaving your machine vulnerable to attack.

According to Microsoft, the discovered flaw could allow a hacker to “gain the same user rights as the current user.” That’s right, they could potentially access your computer and operate it remotely.

On a dedicated webpage giving more information about the flaw, the company explained: “An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

The Redmond-based company added, “On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.”

But just to be clear, this won’t cover XP users, so if you’re still using the aging OS – and it’s estimated that around 20 percent of PCs continue to run it – you really should think about ditching it once and for all to shore up the security of your machine. In fact, the computer company told Reuters Sunday that Windows XP users should upgrade to one of the two most recent versions of its operating system – Windows 7 or 8 – without delay.

Security firm FireEye claims to have uncovered the vulnerability, stating that most of the recorded attacks are targeting Internet Explorer versions 9 through 11.

Considering the seriousness of the flaw, we expect that affected users won’t have to wait too long for Microsoft to roll out an update. Until this happens, the company is offering up a few short-term solutions – detailed toward the end of its advisory page – or you could simply switch to another browser such as Firefox or Chrome, though of course these, too, have their own issues when it comes to matters of security.

Trevor Mogg
Contributing Editor