Microsoft announced over the weekend that all versions of Internet Explorer have a “serious security hole” that hackers can use to take over your computer.
In their announcement, Microsoft stated that they are aware of limited, targeted attacks that have exploited this vulnerability. The vulnerability, which is found in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11, allows “remote code execution.” This type of attack works when a hacker sets up a website that installs malware on the targeted PC, without your knowledge, when you visit it. If you stumble across one of these websites while browsing with Internet Explorer, the malware can be installed and give the hacker total control of your computer without you noticing.
For those interested in the technical details of this vulnerability, security firm FireEye, which Microsoft credits with discovery of the bug, published this article on Friday, April 26.
Hackers are already targeting US financial service and defense contractors, and meanwhile Microsoft is scrambling to create patches and recommend workarounds.
What’s particularly important to note is that, as we covered in an earlier blog post, Microsoft stopped supporting Windows XP earlier this month and therefore won’t be uploading patches for new vulnerabilities as they are found, including a fix for this new-found IE security flaw.
So, if you are running XP on your computers and use Internet Explorer as your preferred Internet browser, what should you do?
- If at all possible, upgrade your XP operating system to Windows 7 or Windows 8.1. This is the first of many future vulnerabilities that hackers will use to exploit XP.
- You could switch to Firefox, Chrome or another browser and discontinue use of Internet Explorer on all computers running XP. Of course, this solution works for this problem, but not necessarily for future XP vulnerabilities.
- Since the vulnerability works by using a Flash exploitation technique to access memory and bypass Windows’ ASLR and DEP protections, you can disable the Adobe Flash Plug-In in Internet Explorer. This will likely ruin your online experience, however, as many websites rely on Flash to distribute their content.
- Finally, sophisticated users (hospitals and other large organizations) can follow the recommendations in Microsoft’s security advisory.
Your HIPAA security risk analysis should be an ongoing process, and you should work to understand the specific impacts on your organization based on its unique situation.