UPDATE: The U.S. Department of Homeland Security advised computer users to consider using alternatives to Microsoft Corp’s Internet Explorer browser until the company fixes a security flaw that hackers have used to launch attacks.
The United States Computer Emergence Readiness Team said in an advisory released on Monday morning that the vulnerability in versions 6 to 11 of Internet Explorer “could lead to the complete compromise of an affected system.”
BOSTON — Microsoft is rushing to fix a bug in its widely used Internet Explorer Web browser after a computer security firm disclosed a flaw over the weekend, saying hackers have already exploited it in attacks on some U.S. companies.
U.S. Government Suggests that You Switch from Internet Explorer
PCs running Windows XP will not receive any updates fixing that bug when they are released, however, because Microsoft stopped supporting the 13-year-old operating system earlier this month. Security firms estimate that between 15 and 25 percent of the world’s PCs still run Windows XP.
Microsoft disclosed on Saturday its plans to fix the bug in an advisory to its customers posted on its security website, which it said is present in Internet Explorer versions 6 to 11. Those versions dominate desktop browsing, accounting for 55 percent of the PC browser market, according to tech research firm NetMarketShare.
Cybersecurity software maker FireEye said that a sophisticated group of hackers have been exploiting the bug in a campaign dubbed “Operation Clandestine Fox.”
Other groups of hackers are now racing to learn more about it so they can launch similar attacks before Microsoft prepares a security update, Raff said.
“Microsoft should move fast,” he said. “This will snowball.”
Still, he cautioned that Windows XP users will not benefit from that update since Microsoft has just halted support for that product.
The software maker said in a statement to Reuters that it advises Windows XP owners to upgrade to one of two most recently versions of its operating system, Windows 7 or 8.