Microsoft recently published a security advisory for Internet Explorer describing a flaw that is particularly dangerous for users of Windows XP, the recently retired desktop operating system that’s still in use on millions of computers around the world. The firm said the vulnerability affects Internet Explorer 7 through Internet Explorer 11 and can allow hackers to execute code inside the browser unbeknownst to the end user. Microsoft said it is “aware of limited, targeted attacks” that have already tried to take advantage of the flaw.
Exploitation would require an end user to visit a website that takes advantage of the flaw, and Microsoft says there’s no way for a would-be attacker to “force” anyone to visit a site. However, an attacker could try to trick a user into visiting a dangerous site, and Microsoft warns against clicking suspicious email links or instant messages. “An attacker who successfully exploited this vulnerability could gain the same user rights as the current user,” Microsoft warns. The attacker could then install programs, delete data, create new user accounts and more.
A firm named FireEye Research Labs also caught on to the exploit. “Threat actors are actively using this exploit in an ongoing campaign which we have named ‘Operation Clandestine Fox,’” the firm said. “We believe this is a significant zero day as the vulnerable versions represent about a quarter of the total browser market. We recommend applying a patch once available.”
Microsoft has not yet released a fix and, since Windows XP is officially retired, that leaves IE users on Windows XP permanently open to the exploit. If you’re in that bunch, consider using a different browser such as Chrome or upgrading to a new version of Windows entirely.