Hole Poses Particular Trouble for Anyone Who Runs Windows XP
Updated April 27, 2014 8:18 p.m. ET
A newly discovered security hole in Microsoft Corp.'s Internet Explorer—the default Web browser for many users—could be particularly troubling for those still running Windows XP.
Microsoft on Sunday warned about a flaw affecting versions 6 through 11 of its flagship browser. The coding flaw would allow hackers to have the same level of access on a network computer as the official user, Microsoft said, which is a best-case scenario for intruders.
The company said it is aware of "limited, targeted attacks" that attempt to exploit the flaw. Microsoft didn't elaborate.
FireEye Inc., a security company that claimed credit for finding the hole, described it as part of a hacking campaign against U.S. financial and defense companies. It didn't provide further details.
FireEye said attacks have mainly been targeted at Internet Explorer 9 through Internet Explorer 11.
The bug affects the browser when used on multiple Microsoft operating systems. But the situation poses a special concern for people still using Windows XP.
The software was introduced in 2001, and Microsoft on April 8 stopped supporting XP with software updates—including security patches for the operating system and its browser. XP can run up to Internet Explorer 8.
"XP users are not safe anymore and this is the first vulnerability that will be not patched for their system," Symantec Corp. researcher Christian Tripputi wrote in a blog post for the data-security company.
Windows XP, though outdated and plagued with security flaws, still runs on some 300 million machines. Microsoft offers extended support for corporate clients still running XP, but at a hefty price.
Despite its past statements, Microsoft could decide to make an exception and issue a patch that would aid XP users. The company, based in Redmond, Wash., didn't immediately respond to a request for comment.
"On completion of this investigation, Microsoft will take the appropriate action to protect our customers," Microsoft said in a security bulletin.
Sunday's disclosure, to a certain extent, was predictable. Microsoft had publicized widely its plans to stop supporting XP, and the dire consequences for some users were well-known.
But it isn't clear whether anyone expected a major XP flaw to be found three weeks after Microsoft ended support.
Morgan Marquis-Boire, a well-known security researcher, posted a link to Symantec's warning on his Twitter account Sunday, including the phrase "*gets popcorn*" to indicate that he expects a furor to result.
Source: http://online.wsj.com/news/articles/SB10001424052702304163604579528203760439722?mg=reno64-wsj&url=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB10001424052702304163604579528203760439722.html
Write to Danny Yadron at danny.yadron@wsj.com