A recently-found zero-day flaw in IE is being exploited in Australia

May 16, 2014 08:42 GMT

A zero-day flaw in Internet Explorer that was found in April and patched by Microsoft one week after that is still being exploited in Australia, according to security firm FireEye.

In a report published on ZDNet, FireEye warns that business computers in resource and mining, financial services, and telecommunications industries are being targeted right now, but more users could be targeted by similar attempts in the near future.

FireEye ANZ engineering manager, Rich Costanzo, explained that although Microsoft already released a patch to address this issue, some business computers are yet to be updated, so they might still be vulnerable to attacks. Microsoft's patch was aimed at all OS versions on the market, including Windows XP, which reached end of support on April 8.

“This is clear proof that what we're seeing globally in terms of zero days and breaches is happening here in Australia. Not only that, it's happening in record time. In fact, less than 72 hours after the IE vulnerability became known we were detecting it here,” Costanzo explained, pointing out that this is the first attack believed to exploit this vulnerability in Australia.

The easiest way to stay on the safe side right now is to update your computer and deploy the latest patches rolled out by Microsoft. Of course, upgrading to a newer OS version could also help, but keep in mind that Windows XP is one of the platforms that actually got patched and is no longer affected by this zero-day flaw.

“The idea with a vulnerability like that is even though there is a patch released it potentially takes a while for that patch to take widespread use and for everyone to have that installed, so a vulnerability does continue even though a patch is available. This particular one also had multiple reiterations. The first was focused on IE versions 9 to 11, and a few days later we saw a second reiteration attack that was focused on Windows XP and IE 8,” Costanzo continued.

FireEye's expert also explained that moving off Windows XP should be a priority for those who are still running this OS version: although Microsoft addressed this flaw with a previous update, new vulnerabilities could expose your data and leave your system open to attacks.

Approximately 26 percent of the desktop computers in the world are still running Windows XP right now, according to third-party statistics.