April 28th 2014
Nearly three weeks after Microsoft's well-publicised end of support for its old Windows XP operating system, a number of hacking attacks have taken place against firms in the US via a vulnerability in Microsoft's Internet Explorer browser.
If successful, the attacks can force a computer to run any code chosen by the attacker, which could result in data being extracted (compromising privacy) or the machine being used as part of a botnet to send spam or carry out a DDoS (Distributed Denial of Service) attack. Over 26% of desktop PCs used the affected browsers in 2013 (source: NetMarketShare).
Microsoft is working to supply a fix to the browser problem, but this will not be sent to machines running XP as support ceased on April 8th this year.
The newly-discovered vulnerability can be exploited only if victims use the browser to visit a website designed to attack them, according to a security advisory message issued by Microsoft earlier today. “An attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message.”
However, given the number and type of phishing emails, instant messages and social media posts now being distributed, Get Safe Online recommends that readers still running PCs with Windows XP should take urgent steps to replace the operating system by either upgrading to a newer version of Windows (if their PC is compatible), or choosing another of the many replacement options now available.