Microsoft has announced that a recently discovered vulnerability in its Internet Explorer browser may have affected a wide range of its users, especially Windows XP users.
There have been a limited number of targeted attacks that attempt to exploit users of Internet Explorer (IE) operating on versions 6 to 11. Microsoft has confirmed it is aware of “limited, targeted attacks” to exploit IE users and that the “vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated”.
The flaw was discovered by FireEye Inc who believe that several U.S. companies may already have been abused. FireEye Inc have said that “a sophisticated group of hackers have been exploiting the bug in a campaign dubbed Operation Clandestine Fox.” FireEye Inc spokesperson Vitor De Souza said “it’s a campaign of targeted attacks seemingly against U.S. based firms, currently tied to defence and financial sectors,” and that “it’s unclear what the motives of this attack group are, at this point. It appears to be broad-spectrum intel gathering.”
Microsoft have confirmed that they are investigating the flaw and that it will take “appropriate” steps; however the flaw will be of major concern to users of the Windows XP operating system.
Windows XP users have been told that from 8th April 2014, there will no longer be any support to the operating system as the company is looking to invest its time and finances into up and coming projects. Because of this, there won’t be any further security updates to any Windows XP software, meaning the operating system is especially vulnerable to this latest attack.
Cybersecurity firm Symantec have conducted tests and have confirmed that “the vulnerability crashes Internet Explorer on Windows XP.” Microsoft have suggested businesses and consumers still operating on Windows XP should upgrade to a newer alternative and install a patch as soon as it comes available as hackers looking to exploit the flaw could potentially create a lot of damage. Those who aren’t on Windows XP and use Internet Explorer should install the Microsoft patch as soon as it becomes available.