On April 8th, 2014, Microsoft officially ended support for Windows XP, however, there are still many active users of the unsupported Operating System. CNET recently published an article that said Windows XP made up 26% of all desktop traffic in April; even the United States Government is still using Windows XP as news surfaced that the IRS will pay Microsoft for custom support for the remainder of this year’s tax season.
It goes without saying, that using an operating system that is not getting regular updates from the manufacturer is in itself a “risky choice”, but what if another component of that OS version were vulnerable?
This week Microsoft announced that there is a security flaw in Internet Explorer, the default Internet browser for all Windows OS. The vulnerability is specific to versions 6 to 11, which poses an additional threat to XP users, as they are limited to running IE 8 and below.
The security flaw could allow remote code execution giving a hacker the same permissions as an administrator. Yes, it is as bad as it sounds, and up until today, there were a handful of “band aids” that Microsoft recommended.
Earlier today Microsoft issued a security patch for the IE security flaw, and has even included Windows XP in the update. While the OS still no longer supported, the threat was serious enough for Microsoft to include a patch for XP. For users that have “Automatic Updates” selected, the update will download automatically; for those that like to manually update their machine, Microsoft is urging users to install the update when they are first notified. Please read Microsoft’s Security Response Blog for more detailed information about the update.
If you were unaware that Microsoft ended support for Windows XP and would like to learn more about it, read our article Windows XP and Security.