Click to Skip Ad
Closing in...
  1. Best Alexa Devices
    08:06 Deals

    Amazon’s hottest smart home gadget is down to $19 today – and you can get a $4…

  2. Amazon Echo Auto Price
    13:16 Deals

    Add hands-free Alexa to your car for $19.99 with this Amazon deal

  3. MacBook Pro 2021 Price
    16:34 Deals

    Amazon slashed $200 off Apple’s M1 MacBook Pro, or get a MacBook Air for $899

  4. How To Save Money On Your Cable Bill
    11:47 Deals

    Make your cable company furious and save $120/year with this $56 Amazon purchase

  5. Amazon Gift Card Promotion
    11:46 Deals

    How you can get $15 from Amazon right now for free




Massive new security flaw is a big problem for Windows XP users

April 28th, 2014 at 6:55 AM
Internet Explorer CVE-2014-1776 Security Flaw

Microsoft on Sunday published a new security advisory warning users that a new vulnerability (reference number CVE-2014-1776) has been found to affect all Internet Explorer versions, from Internet Explorer 6 to Internet Explorer 11, although a fix for it isn’t available yet. The security issue has been discovered by security firm FireEye.

“The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer,” Microsoft said. “An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.”

However, the flaw only works once a user has been convinced to visit a certain websites. Otherwise, the issue won’t harm Windows users. “In a web-based attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability,” the company said. “In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker’s website.

Furthermore, the security flaw reveals that “an attacker who successfully exploited this vulnerability could gain the same user rights as the current user.” Thus, users whose accounts have fewer rights could be less impacted by others.

While it’s investigating the security threat, Microsoft advises users to “deploy the Enhanced Mitigation Experience Toolkit 4.1,” or EMET, which would add extra protection layers “that make the vulnerability harder to exploit. Additionally, users can also set the Internet and Local intranet security zone settings to “High” to block the ActiveX Controls and Active Scripting.

The company is aware of “limited, targeted attacks,” that attempted to take advantage of the flaw, but didn’t explain exactly what happened. FireEye said that the new Internet Explorer attack has been included in a hacking campaign against U.S. financial and defense companies, without providing further details.

The problem may be of particular concern to Windows XP users, considering that Microsoft does not support that particular Windows version anymore.

Chris Smith started writing about gadgets as a hobby, and before he knew it he was sharing his views on tech stuff with readers around the world. Whenever he's not writing about gadgets he miserably fails to stay away from them, although he desperately tries. But that's not necessarily a bad thing.




Popular News