Skip to main content

Critical zero-day vulnerability all versions of Internet Explorer -- XP users in big risk

By
Hackers have discovered the first bug that could put Microsoft windows XP customers & users at serious threat, after Microsoft company stopped support for the aging operating system XP less than three weeks ago.
On Saturday, Microsoft announced that Microsoft Internet Explorer (version 6 through 11) contains a Zero day vulnerability.
This can allow arbitrary code execution.

While using internet, users might  ‘Click‘ links/popup in a webpage or a Spam Email (attachment) – Once users click it , an attacker could take complete control of the system.
Currently, Microsoft not yet released a patch to fix this breach – SO it is a RISK for all Internet Explorer users. 


Windows XP is capable of running Internet Explorer 6, 7, and 8.
This new remote code execution vulnerability, dubbed CVE-2014-1776, has the possibilities to give hackers the same user rights as the current user. That means a successful attacker who infects a PC running as administrator would have a wide range of attack open to them such as installing more malware, spyware and adware on the system, creating new user accounts, and changing or deleting data stored on the target PC. Most Windows users run their PCs under an administrator account.

These attacks aren't theoretical, either—security firm FireEye discovered these attacks being actively used in the wild. For these attacks to work, however, a user would have to visit a malicious website attempting to install the code. Microsoft says attacks could also come from "websites that accept or host user-provided content or advertisements" where an attacker could insert malicious code.

Microsoft has yet to decide whether it will issue an emergency patch in the coming days or wait for patch Tuesday on May 13 to repair supported versions of IE.

XP Users in Risk

risk for xp users
Whenever Microsoft releases the patch, a major portion of Windows PC users won't be receiving the security update. Microsoft officially ended support for Microsoft XP on April 8, and the aging OS will no longer receive security updates as a result. So unless Microsoft does an about face, this appears to be the first post-support vulnerability where XP users eventually left to defend for themselves. Many more are sure to follow.

At last count, Windows XP is running on nearly 28 percent of all online PCs worldwide. That's more than Windows 8, 8.1, Vista, OS X 10.9, and Linux users combined, according to the latest numbers from Net MarketShare.

Luckily, Windows XP users can easily minimize this vulnerability by simply using any other Web browser apart from Internet Explorer. For long time IE users on XP, switching to Google Chrome or Mozilla Firefox would be your best choice, both instantly and proceeding forward.

Google has promised to support the XP version of Google Chrome until April 2015, while Mozilla has yet to announce a Firefox end-of-support date for XP. Should a vulnerability hit either of those browsers on XP it will be patched, unlike IE.

For those who absolutely must use IE, Microsoft advises downloading and installing the Enhanced Mitigation Experience Toolkit (EMET) 4.1. This utility helps to protect against malware and is available for Windows XP PCs with service pack 3 installed.

You can also run IE in a more secure mode by going to Internet Options >> Security and setting the slider to High.

Microsoft's Saturday alert may be the 1st example of a serious exploit already in the wild that will put Windows XP users permanently at risk. It won't, however, be the last, security experts say. In March, security firm Avast said that Windows XP was already under attack six times more often than Windows 7—and that was before the OS went end-of-life.

How to Avoid this Risk:

  • Do Not Open any e-mail or e-mail attachments which comes from an unknown person 
    • Attachment files may contain executable files which can spread virus into your system 
    • Do not open the e-mail attachment files with extensions SHS, VBS, PIF and also files with double extensions e.g. NAME.TXT.XBS, NAME.BMP.EXE 
  • Never respond to junk or spam emails 
  • Beware of popup windows (example-claiming you are lottery winner ..etc.) – Don’t ever click on it and delete permanently 
  • Use HTTPS websites whenever possible/available, instead of HTTP. In the web address it replaces http" to "https". The https refers to a secured protocol (encrypted) 
  • Temporarily use an alternate browser such as Chrome or Firefox 
Think Before U "CLICK"
Labels:

Comments

Post a Comment

Popular posts from this blog

INSTALL CISCO VPN CLIENT ON WINDOWS 10 (32 & 64 BIT). FIX REASON 442

By
This article shows how correctly install Cisco VPN Client (32 & 64 bit) on Windows 10 (32 & 64 bit) using simple steps, overcome the ‘ This app can’t run on this PC ’ installation error , plus fix the Reason 442: Failed to enable Virtual Adapter error message . The article applies to New Windows 10 installations or Upgrades from earlier Windows versions and all versions before or after Windows 10 build 1511 .  To simplify the article, we’ve broken it into the following two sections: How to Install Cisco VPN client on Windows 10 (clean installation or upgrade from previous Windows), including Windows 10 build prior or after build 1511 . How to Fix Reason 442: Failed to enable Virtual Adapter on Windows 10 Figure 1. The Cisco VPN Client Reason 442: Failed to enable Virtual Adapter error on Windows 10 HOW TO INSTALL CISCO VPN CLIENT ON WINDOWS 10 (NEW INSTALLATIONS OR O/S UPGRADES) The instructions below are for new or clean Windows 10 inst...
45 comments
Read more

Linux File and Directory Permissions

By
file & directory protection is a essential of any OS and Linux OS is no exception for it! These authorizations allow you to choose exactly who can access your files & directory, providing an overall improved system security. There was one of the major flaws in the older Windows operating-system where, by standard, all users can see each other people's information (Windows 95, 98, Me). For overcoming it, editions of the Windows based computer system such as NT, 2000, XP and 2003 lot more security features added. They fully support file & directory permissions, just as Linux system has since the beginning. Together, we'll now assess a directory listing from our Lab Linux system hosting server, to help us understand the information provided. a simple 'ls' command will give you the file and directory listing within a given directory, including the option  '-l' will display number of new areas that we are going to discuss here:
Post a Comment
Read more

How to create a Hirens Boot CD 15.2 USB Disk

By
Hiren’s BootCD (HBCD) is a bootable CD that contains a set of tools that can help users to fix their computer if their system fails to boot. More specifically, HBCD contains hardware diagnostic programs, partition tools, data recovery utilities, antivirus tools and many other tools to fix your computer problems.  I write this article because I use Hiren’s BootCD frequently to troubleshoot computer problems, specially when a computer doesn’t boot anymore due to a virus attack or due to a corrupted file system. In this article you will find instructions on how to put Hiren’s BootCD on a USB flash drive (stick) in order to troubleshoot computer problems in the future.
4 comments
Read more