There's a new Internet Explorer flaw and hackers are already exploiting it. The issue affects IE version 6 through to 11, which means Windows XP is affected, and according to Microsoft, the upcoming patch won't be released for that operating system.
Microsoft fix could be released in its monthly security update, or the company's special out of cycle release. However, whichever route Microsoft chooses to take on this journey, Windows XP users will be left in the cold to fend for themselves.
This is not surprising, because as of this month, Microsoft no longer supports Windows XP, which means the software giant will no longer release security updates for the platform. Users are asked to kindly update to a newer and safer version of Windows to escape from future issues that will plague Windows XP in the months and years to come.
Already, cyber criminals have found ways to exploit the bug, says Microsoft in a blog post. However, Microsoft only has knowledge of limited targets so far, but things could get out of hand, if a patch is not released soon.
With the flaw still in place, a cyber-criminal could gain the same administrative privileges as the legitimate user of the system.
What to do until the patch comes?
If you're on Windows XP, there's not much you can do to protect yourself unless you're interested in living without some features on the web. Using another browser might not help since Internet Explorer is deeply intertwined with the operating system. If you're on Windows 7 or Windows 8 with updated versions of Internet Explorer 10 and 11, just activate Enhanced Protected Mode if you haven't already.
This should help protect your system from hackers, along with the Enhanced Mitigation Experience Toolkit (EMET) 4.1 and EMET 5.0 Technical Preview.
"Our initial investigation has revealed that Enhanced Protected Mode, on by default for the modern browsing experience in Internet Explorer 10 and Internet Explorer 11, as well as Enhanced Mitigation Experience Toolkit (EMET) 4.1 and EMET 5.0 Technical Preview, will help protect against this potential risk," according to Microsoft in a statement.
Another way around this flaw is by simply disabling Adobe Flash, since the exploit relies on Flash to function, says cybersecurity firm FireEye.