Internet Explorer Exploit Leaves XP Users High and Dry

 
 
By Wayne Rash  |  Posted 2014-04-28 Email Print this article Print
 
 
 
 
 
 
 
Micfrosoft security

NEWS ANALYSIS: Even when a fix is developed for the latest IE threat, Windows XP users won't get it. That's a good reason for them to upgrade their OSes.

A new vulnerability reported by Microsoft that allows an attacker to install malware and then execute it while bypassing the user's security is the best reason yet to move away from Windows XP if you're still among the millions of users who haven't moved to something newer. But the remote code execution vulnerability affects every version of Windows, and every version of Internet Explorer from version 6 through version 11.

This vulnerability, which can be triggered by visiting an infected Website or opening an HTML email, is so serious that the U.S. Department of Homeland Security's US-CERT (Computer Emergency Readiness Team) is recommending that you stop using IE entirely until Microsoft is able to fix the problem. This means that not only should you not browse the Internet using IE, but you should change your default settings so that clicking on a link doesn't open it and change your email settings so that HTML messages use a different browser.

According to security researchers at FireEye, who found the vulnerability originally, it uses a previously known flash exploitation technique to allow code execution in portions of memory normally reserved for data. While the technique was known, the particular exploit method was not known until it was being employed to install malware.

Fortunately, Microsoft has a workaround that is available for enterprise users—the Enhanced Mitigation Experience Tookkit, which is available for download. While the EMET will work with Windows XP, it does not provide a complete solution. With XP, the only real solution is to avoid running Internet Explorer. You should also set your security zone settings to "high." This will block ActiveX and Active Scripting, which in turn means that some Websites won't work properly.

There are a number of other measures to help limit damage from this vulnerability. These are listed in the Microsoft security advisory in the first link at the top of this column. What Microsoft isn't saying is that you should avoid IE until a fix is released.

For XP users, that fix will never come. While most of Microsoft's recommendations for workarounds will work, the fact is that they work at the price of reduced functionality. Some of the things you like to do on the Web won't work if you follow Microsoft's instructions, and you won't be able to get those things back. As support for XP erodes, so are the things you can use it for.

Fortunately, you can do without IE. Other browsers still work with XP, and they're still being supported. That means that you should try Firefox or Chrome as alternatives when you need access to Web pages, especially if you're an XP user. For everyone else, you should still stop using IE for now.

Fortunately, there is help. Symantec has released a batch file that unregisters a DLL file named VGX.DLL, which is needed to take advantage of the vulnerability. The batch file works on all modern versions of Windows and it will also help prevent other programs from reregistering VGX. The downside to using this fix from Symantec is that the programs that need it won't be able to use it and, as a result, also won't work.



 
 
 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel