Over the weekend, a computer security firm reported a flaw in the widely used Internet Explorer browser that belongs to Redmond, Washington based Microsoft Corp. The company is now rushing to fix this bug because the security firm declared that the browser had already been exploited by hackers for attaching some of the prominent companies in the US. However, a problem for Windows XP users is that their PCs will not receive any updates for fixing this bug when they are finally introduced because it was only earlier this month when Microsoft announced that it would be stopping its support to the 13 year old operating system.
It has been estimated by security firms that about 15% to 25% of the PCs around the world are still running on Windows XP. On Saturday, the software giant announced its plans of fixing the bug in an advisory that it posted on its security website for its customers. The company also added that this security flaw exists in the versions of Internet Explorer from 6 to 11. Desktop browsing is dominated by most of these versions and they comprise of about 55% of the PC browser market as per the statistics that are provided.
FireEye Inc., the Cybersecurity software maker said that the bug was being exploited by a sophisticated group of hackers in a campaign that had been given the title of ‘Operation Clandestine Fox’. The Mandiant division of the software maker is focused on helping companies in responding to cyber-attacks, but FireEye refused to identify the group of hackers or give names of the victims that had been affected, saying that the matter was still being actively investigated. The spokesman of the company said that this campaign was basically attacking US based firms, which have ties to the financial and defense sectors.
He also added that the motives of the hackers remained unclear up till now as they were only gathering intel from these hacking ventures. He refused to elaborate on his statement and said that switching to another browser would be an excellent way to seek protection against the hackers. In its advisory, Microsoft Corp said that because of the vulnerability, a hacker could completely control the affected system and then use it for changing, viewing and deleting data. They could also claim full user rights by creating accounts and install malicious software into the affected system.
Not a lot of information about the security flaw has been provided by FireEye and Microsoft and neither have they shed any light on how the hackers were able to figure out how the bug could be exploited. Nonetheless, other groups of hackers are scrambling to learn all about the bug so they can launch similar attacks before an update can be prepared by Microsoft. Therefore, it is essential for the tech giant to move fast for protecting its users. Regardless, users of Windows XP will have no choice, but to switch browsers as they cannot take advantage of the update since the company stopped providing support for the OS.