posted on Apr, 29 2014 @ 02:15 AM
Microsoft rushes to fix browser after attacks;
no fix for XP users
(Reuters) - Microsoft Corp is rushing to fix a bug in its widely used Internet Explorer web browser after a computer security firm disclosed the flaw
over the weekend, saying hackers have already exploited it in attacks on some U.S. companies.
PCs running Windows XP will not receive any updates fixing that bug when they are released, however, because Microsoft stopped supporting the
13-year-old operating system earlier this month. Security firms estimate that between 15 and 25 percent of the world's PCs still run Windows XP.
Microsoft disclosed on Saturday its plans to fix the bug in an advisory to its customers posted on its security website, which it said is present in
Internet Explorer versions 6 to 11.
So, what have we here?
I read a similar news story in my local newspaper (De Telegraaf, Dutch) about this issue, in which it is stated that the US and UK governments are the
source for this alarming announcement. That immediately raised some red flags for me, because I would think Microsoft would be the one to announce
these sort of issues.
The press release quoted above by Reuters doesn't mention this at all, and indeed makes it look like it was announced by Microsoft.
However, I think it's a very convenient time to announce that virtually all Internet Explorer version still in use (6 to 11) are vulnerable.
Still, he [Aviv Raff, chief technology officer of cybersecurity firm Seculert, ed.] cautioned that Windows XP users will not benefit from that
update since Microsoft has just halted support for that product.
The software maker said in a statement to Reuters that it advises Windows XP users to upgrade to one of two most recently versions of its operating
system, Windows 7 or 8.
(Emphasis added by me)
Now we get to the meat of the article and what, in my opinion, is the real reason for this announcement: to scare users of Windows XP into upgrading
to Windows 7 or 8 and squeezing some more money from their mostly empty pockets.
If this "security leak" was real, then the best advice would be to switch to another browser, independent of your Windows version. I really think this
is a scam; that the security risk is either intentional or non-existent and that Microsoft is using its power to extort people into buying new
I've tried searching the Microsoft website for more technical information about this security leak, but I couldn't find anything about it. However,
the FireEye website has a detailed page on the exploit, which you can find
. (Thanks to BuzzCory for the link)
edit on 29/4/2014 by RationalDespair because: Added link to FireEye website
edit on 29/4/2014 by RationalDespair because: (no