Windows XP users should immediately apply Microsoft’s out-of-band patch addressing the critical flaw in Internet Explorer because attackers are specifically targeting users on the older operating system, FireEye researchers warned.
The zero-day vulnerability in Internet Explorer, disclosed by Microsoft on Saturday and fixed Thursday, affected all versions of Internet Explorer, from IE 6 to IE 11, on all versions of Windows, from XP to Windows 8.1. Initially, FireEye researchers warned of an ongoing attack campaign called “Operation Clandestine Fox,” exploiting the vulnerability in IE 9 through IE 11 on Windows 7 and 8. There are now attacks specifically targeting Windows XP users running Internet Explorer 8 in multiple industries across Europe and North America, FireEye said Thursday.
Multiple threat actors are using the XP exploit, FireEye said. The initial exploit against IE 9 through IE 11 is fairly complex because it had to circumvent Microsoft’s built-in security mitigations such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP). In comparison, the XP exploit is simpler because ASLR and DEP doesn’t exist in Windows XP.
The attacks appear to be serious enough to prompt Microsoft to patch XP, even though official support for the 12-year old operating system ended April 8. Even so, Microsoft warned that users shouldn’t take the unusual update as an incentive to stay on XP, and should continue to make plans to move to a newer operating system, especially since the newer versions have better security protections.
“Just because this update is out now doesn’t mean you should stop thinking about getting off Windows XP and moving to a newer version of Windows and the latest version of Internet Explorer,” said Adrienne Hall, general manager of Trustworthy Computing at Microsoft.
Many organizations are still running Windows XP for a variety of reasons. A recent analysis from Secunia indicates there has been no change in the XP install-base since the OS entered end-of-life. A week after XP was no longer supported, 17 percent of U.S. users still had XP running, and after two weeks, the figure was 16 percent, Secunia found.
“Hackers will have a field day with XP (as they do with all popular software that go EOL), because they know plenty of users – private and corporate alike – still haven’t removed XP from their computers/migrated to other operating systems,” said Kasper Lingaard, Secunia’s head of research.