Microsoft has issued a public warning to all of its users that a serious security flaw has been discovered in its Internet Explorer browser (specifically versions 6 through 11). The affected versions represent approximately 50% of the web traffic around the world. Further underscoring the threat and the risks associated with it, the U.S. Department of Homeland Security and the United States Computer Emergency Readiness Team are advising all users with the affected versions of Internet Explorer to “consider” using alternatives to the Microsoft product, at least until Microsoft can design and implement a fix.
In answering the question of “how serious is this security flaw,” the startling answer from Microsoft is “the vulnerability could allow a hacker to take complete control of an affected system, and then do things such as viewing, changing, or deleting data; installing malicious programs; or creating accounts that would give hackers full user rights.”
The company went on to say that it is aware that “limited, targeted attacks” have taken place and that hackers could continue to gain access to affected users via a “specially crafted website”.
The cyber security firm FireEye has stated that a very sophisticated group of hackers has been taking advantage of this security flaw in a coordinated hacking attack named “Operation Clandestine Fox.”
FireEye did not name any specific victims of these hacks nor did they give any indication of who the hackers were, stating that an investigation into all of this is still in process. A FireEye spokesman did state, “It’s a campaign of targeted attacks seemingly against U.S.-based firms, currently tied to defense and financial sectors. It’s unclear what the motives of this attack group are, at this point. It appears to be broad-spectrum intel gathering.”
Further increasing the risk is the fact that Windows XP is also affected and, as we covered in an associated article, Microsoft no longer supports the product with any level of updates. Microsoft has been asked whether it will make an exception to its recently implemented policy on Windows XP updates given the severity of this flaw, but as of this writing it has not responded. It is estimated that approximately 20% of the world's PCs still run on Windows XP. Microsoft has stated that it recommends that all XP users now upgrade to Windows 7 or 8 so that they will benefit from the eventual bug fix for this security problem.
The bottom line is that if you are currently using Internet Explorer (versions 6 to 11) or are running Windows XP, you need to take the appropriate steps to protect yourself and your network. Until Microsoft announces that it has a fix for this bug, you should change over to a different product, and if you have Windows XP, you need to give serious consideration to upgrading to a protected and current product.