Cybersecurity

Another Windows XP vulnerability exposed

broken lock

A recently exposed flaw in a popular Internet browser has reinforced a warning from the Homeland Security Department that federal and state governments still using the dated Windows XP operating platform are increasingly vulnerable to cyberattackers.

Two weeks after DHS warned law enforcement to expect an increase in attacks on XP users after Microsoft stopped supporting the platform April 8, a vulnerability in the Windows Internet Explorer browser could be compounded on XP-based systems.

The new exploit, uncovered April 26 by cybersecurity provider FireEye, takes advantage of a flaw in IE versions 6-11. Microsoft has made patches available, but users still running XP are out of luck.

"Our testing confirmed that the vulnerability crashes Internet Explorer on Windows XP," said an April 26 statement from Symantec.

Fire Eye said April 26 that "threat actors are actively using this exploit in an ongoing campaign which we have named 'Operation Clandestine Fox,'" adding that it wasn't providing details because of an ongoing investigation.

The U.S. Computer Emergency Readiness Team said April 28 it "is aware of active exploitation of a ... vulnerability in Microsoft Internet Explorer," and recommended users and administrators enable Microsoft’s mitigation package "where possible and consider using an alternative web browser."

Microsoft warned that the vulnerability can corrupt a users' computer memory. The software provider said attackers persuade victims to visit a target, typically by getting them to click a link in an email or instant message that takes users to a website tailored to exploit the machine. The browser flaw allows attackers to take control of some of the computer’s memory and essentially become an authorized user themselves.

In March, DHS warned that attackers had used the aging XP platform to crack the computer of an unnamed government user and access data on the device. The specific IE coding flaw uncovered by FireEye apparently wasn't involved in that attack, however.

According to a March 11 DHS memo to law enforcement, a federal employee using a virtual private network was fooled into calling a fake computer help line number that subsequently enabled a bogus help desk operator to gain access to the computer's hard drive. DHS and the FBI warned in the unclassified/for official use only memo that after April 8, cyber criminals could see an opportunity to dial up the volume on fake emails and cold calls in a new round of help desk cons targeting XP users.

XP remains one of the most popular operating systems in the world, according to StatCounter's GlobalStats data

The Wall Street Journal reported April 1 that cybersecurity firm Qualys estimated that more than 10 percent of computers used in government and corporations worldwide would still use the 12-year-old XP operating system after April 8.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.


Featured

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.