Windows XP users are getting their first taste of life without security updates after the discovery of a major flaw within the Internet Explorer web browser.
Microsoft Corp. issued a warning regarding the flaw this weekend, saying it affects Internet Explorer versions 6 through 11. The vulnerability makes it possible for hackers to take control of a user’s computer after it has been infected with malicious code.
The bug was discovered by FireEye, a security company, which said hackers are sending out emails with links to websites that contain malicious code. If users click on a link to one of these websites while using Internet Explorer, it is likely that hackers will gain control of their machines.
For now, security experts advise that Windows users avoid Internet Explorer until Microsoft issues a patch for the problem, which will likely happen May 13. But that patch will not protect users of Windows XP.
That’s because Microsoft stopped supporting Windows XP earlier this month. After 13 years of maintaining Windows XP, Microsoft said it will no longer issue security updates for the popular operating system.
At the time, Microsoft urged users either to upgrade their operating systems or buy a new machine, because the company would not issue solutions for future vulnerabilities.
“This is the first critical Internet Explorer exploit that will not be fixed for Windows XP users ever,” said Bogdan Botezatu, a senior e-threat analyst at Bitdefender, a security firm. “This exploit will stay working forever – until (Windows XP users) move to a different operating system.”
Botezatu recommends that Windows XP users not use Internet Explorer ever again. Those who wish to remain on Windows XP should use web browsers that still support the outdated operating system.
Among those is Google’s Chrome browser. Last year, Google said Chrome will continue to support Windows XP at least until early 2015. Botezatu said Firefox is also a good option.
For now, Windows XP users have a way to work around the problem, but the next time a major issue is discovered, they may not be so lucky, Botezatu said.
Windows XP users “should see this Internet Explorer incident as a lesson, because the next time hackers might find a bridge … in a critical component of Windows, without which Windows itself would not work,” Botezatu said.