Internet Explorer Exploit Leaves XP Users High and Dry

NEWS ANALYSIS: Even when a fix is developed for the latest IE threat, Windows XP users won't get it. That's a good reason for them to upgrade their OSes.

Microsoft security

A new vulnerability reported by Microsoft that allows an attacker to install malware and then execute it while bypassing the user's security is the best reason yet to move away from Windows XP if you're still among the millions of users who haven't moved to something newer. But the remote code execution vulnerability affects every version of Windows, and every version of Internet Explorer from version 6 through version 11.

This vulnerability, which can be triggered by visiting an infected Website or opening an HTML email, is so serious that the U.S. Department of Homeland Security's US-CERT (Computer Emergency Readiness Team) is recommending that you stop using IE entirely until Microsoft is able to fix the problem. This means that not only should you not browse the Internet using IE, but you should change your default settings so that clicking on a link doesn't open it and change your email settings so that HTML messages use a different browser.

According to security researchers at FireEye, who found the vulnerability originally, it uses a previously known flash exploitation technique to allow code execution in portions of memory normally reserved for data. While the technique was known, the particular exploit method was not known until it was being employed to install malware.

Fortunately, Microsoft has a workaround that is available for enterprise users—the Enhanced Mitigation Experience Tookkit, which is available for download. While the EMET will work with Windows XP, it does not provide a complete solution. With XP, the only real solution is to avoid running Internet Explorer. You should also set your security zone settings to "high." This will block ActiveX and Active Scripting, which in turn means that some Websites won't work properly.

There are a number of other measures to help limit damage from this vulnerability. These are listed in the Microsoft security advisory in the first link at the top of this column. What Microsoft isn't saying is that you should avoid IE until a fix is released.

For XP users, that fix will never come. While most of Microsoft's recommendations for workarounds will work, the fact is that they work at the price of reduced functionality. Some of the things you like to do on the Web won't work if you follow Microsoft's instructions, and you won't be able to get those things back. As support for XP erodes, so are the things you can use it for.

Fortunately, you can do without IE. Other browsers still work with XP, and they're still being supported. That means that you should try Firefox or Chrome as alternatives when you need access to Web pages, especially if you're an XP user. For everyone else, you should still stop using IE for now.

Fortunately, there is help. Symantec has released a batch file that unregisters a DLL file named VGX.DLL, which is needed to take advantage of the vulnerability. The batch file works on all modern versions of Windows and it will also help prevent other programs from reregistering VGX. The downside to using this fix from Symantec is that the programs that need it won't be able to use it and, as a result, also won't work.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...