Microsoft warns of major Internet Explorer bug; no fix for Windows XP


Windows XP users are getting their first taste of life without security updates after the discovery of a major flaw within the Internet Explorer Web browser.

Microsoft issued a warning regarding the flaw this weekend, saying it affects Internet Explorer versions 6 through 11. The vulnerability makes it possible for hackers to take control of a user’s computer after it has been infected with malicious code.

The bug was discovered by FireEye, a security firm, which said hackers are sending out emails with links to websites that contain malicious code. If a user clicks on a link to one of these websites while using Internet Explorer, it is likely that hackers will gain control of their machine.


For now, security experts advise that Windows users avoid Internet Explorer until Microsoft issues a patch for the problem, which will likely happen on May 13. But that patch will not protect users of Windows XP.

That’s because Microsoft stopped supporting Windows XP earlier this month. After 13 years of maintaining Windows XP, Microsoft said it would no longer issue security updates for the popular operating system.

Microsoft urged users to either upgrade their operating systems or buy a new machine because the next time a major vulnerability was discovered, they would not be issued a solution for the problem. That time is now.

“This is the first critical Internet Explorer exploit that will not be fixed for Windows XP users ever,” said Bogdan Botezatu, a senior e-threat analyst at Bitdefender, a security firm. “This exploit will stay working forever -- until [Windows XP users] move to a different operating system.”

Botezatu recommends that Windows XP users do not use Internet Explorer ever again. Instead, users should upgrade their operating systems or buy a new machine, but for those who wish to remain on Windows XP, they should use Web browsers that still support the outdated operating system.

Among those is Chrome. Last year, Google said Chrome will continue to support Windows XP at least until early 2015. Botezatu said Firefox is also a good option.


For now, Windows XP users have a way to work around the problem, but the next time a major issue is discovered, they may not be so lucky, Botezatu said.

Windows XP users “should see this Internet Explorer incident as a lesson because the next time hackers might find a bridge ... in a critical component of Windows, without which Windows itself would not work,” Botezatu said.