April flaws, May patches

The recently discovered Internet Explorer security flaw was found by FireEye Inc. and confirmed later by Microsoft, which affects the Internet browser versions 6 through 11, users that are still surfing the Internet on Windows XP are at a higher risk than other operation systems because Windows has also announced that they will no longer be supporting the 12 year old system.

Salvador Lopez Jr., [email protected], is a computer science and mass media major.

The recently discovered Internet Explorer security flaw was found by FireEye Inc. and confirmed later by Microsoft, which affects the Internet browser versions 6 through 11, users that are still surfing the Internet on Windows XP are at a higher risk than other operation systems because Windows has also announced that they will no longer be supporting the 12 year old system.

Microsoft’s Internet Explorer accounts for at least half of the global browser market because the Internet Explorer browser is found on nearly every Windows machine and is easily accessible by most devices. The flaw is not because Internet Explorer or Windows XP is weakly coded or a specially desired operating system to attack, but because Microsoft on April 8 ended its support for the operating system meaning they will no longer release patches to protect the security or privacy of the end user.

Those wishing to exploit CVE-2014-1776 have been found sending users emails directing them to malicious websites. Users can also find themselves surfing a malicious website and are subject to attack. Depending on the level of access the current user has on the PC translates to how extreme the attack can be.

If the user is an administrator, the attacker can change, delete or view data to the account. Install programs and create accounts on the PC so they can later have full user permissions on the PC. A user is only vulnerable to such an attack when visiting malicious websites.

Nearly a month after Microsoft ended its support for Windows XP, they released an updated patch that will protect the user from the Internet Explorer vulnerability. In a statement made by Microsoft, they have claim only a small number of machines actually seen an attack carried out and concerns about the flaw were overblown.

Since Windows XP, Microsoft has released Windows Vista, Windows 7 and Windows 8 operating systems, if a user is still running Windows XP they are encouraged to upgrade their operating system. Upgrading the system can lead to better productivity, increase in mobility of data and stronger security protection from exploits such as CVE-2014-1776.

Upgrading an operating system on a machine that is still running Windows XP may be a problem for some users. The hardware that is installed on older devices may not be able to support newer operating systems. A user should first check if their current machine can handle a newer operating system before making a purchase. If their current machine is unable to, they may need to purchase a new device completely.

There is no absolute way to defend Windows XP against further attacks, but a user can consider steps to limit their exposure to vulnerabilities. For users browsing on Internet Explorer 11, surf with Enhanced Protected Mode and enable 64-bit Processes. Change the settings in Internet and Local intranet security zone to “High”, disable Active scripting and require a prompt before running ActiveX applications. Choosing an alternative Internet browser is also encouraged.