Microsoft warned many of its customers that they were on
their own earlier this month when it stopped supporting XP, an older but still
widespread version of its Windows operating system. The software remains
functional, but Microsoft won’t fix its newly discovered security holes,
leaving those who haven’t upgraded to a newer version vulnerable to a future
hacking attack. It didn’t take long to find one.
Over the weekend, computer security company FireEye said it
had noticed a number of attacks on U.S. firms via a vulnerability in various
versions of Microsoft’s Internet Explorer. If successful, the attacks can force
a computer to run code of the attacker’s choosing, which could extract data or
send spam. More than 26 percent of desktop computers used the affected browsers
last year, according to NetMarketShare. FireEye gave the attack a
name—Operation Clandestine Fox—but wouldn’t say much about the extent or
targets of the attacks.
Microsoft is working on fixing the IE problem. The fix,
though, will not be sent to machines running XP. As of the beginning of this
month, XP was the world’s second-most-popular operating system in terms of
Internet usage, according to StatCounter, and was the OS of choice of more than
18 percent of Internet users. In an e-mail to Reuters, the company suggested
that people update their systems.
There are other things that could protect XP users from
attacks. The vulnerability exists in a Web browser, which means that it can
only be exploited if victims use that browser to visit a website designed to
attack them. “An attacker would have no way to force users to visit these
websites,” wrote Microsoft in a security advisory. “Instead, an attacker would
have to convince users to visit the website, typically by getting them to click
a link in an email message or Instant Messenger message.”
This almost certainly means that the vulnerability won’t lead to the
kinds of devastating attacks on ATMs some security experts wrung their hands
about earlier this year. Many ATMs and other industrial computers have been
built around their operating systems, making it a difficult task to upgrade to
a new OS. As a result, many continue to run XP even though their makers had
ample warning to switch to a newer version of Windows.
Aravinda Korala, the chief executive of KAL ATM Software,
wrote earlier this month that any ATM Armageddon is a ways off. “Most bank ATMs
are very well protected,” he wrote in ATM Marketplace, a trade publication.
“They are connected on a private network with no Internet access. They are
locked down tightly so that only the minimum functionality necessary for the
ATM to operate is allowed.” For one thing, ATMs don’t click on suspicious
links.
For more help and tips, check out www.MooreITHelp.com