IE is one of the apps that received fixes as part of Patch Tuesday
Windows XP is still powering 25 percent of the desktop computers out there, and with every single Patch Tuesday, the operating system is becoming more vulnerable to attacks, as the glitches that Microsoft fixes every month also exist in XP.So is the case with this month's Patch Tuesday, which Microsoft “celebrated” with six different bulletins supposed to address a total of 29 vulnerabilities in its software, including Windows and Internet Explorer.
Of course, Windows XP users who haven't turned to registry hacks to keep their systems updated are left out of this Patch Tuesday, so security experts across the world rushed to recommend them to ugprade to a newer operating system or give up on Internet Explorer for another browser.
Wolfgang Kandek, CTO, Qualys, Inc., said in a statement today that most of today's fixed flaws could also exist in Windows XP, so it's critical for users not necessarily to update, but at least to replace Internet Explorer with another browser that still receives patches, such as Google Chrome or Firefox.
“For Windows XP users: The majority of these vulnerabilities apply to your operating system, except the WIndows Journal application and Windows Service Bus weaknesses. The Internet Explorer vulnerabilities can certainly be exploited on XP as well as the Flash problem. XP users should evaluate urgently using a supported browser if they cannot move away from the operating system,” Kandek said.
The Internet Explorer flaw, which is also said to affect versions running on Windows XP, allows an attacker to run remote code on your computer with the help of a compromised website hosting malicious content.
All versions of Internet Explorer are affected by the flaw, starting with the old IE6 and ending with the newer IE11, which Microsoft made the default browser in Windows 8.1.
“MS14-037 addresses 24 vulnerabilities in Internet Explorer (IE), almost all user-after-free type vulnerabilities and is valid for all versions (6-11) of Microsoft’s browser. There are no 0-days open for IE, which would dictate the shortest turn-around possible for the installation of the patch, but nevertheless IT admins should schedule the IE patch for a quick installation,” Kandek explained.
Since so many users prefer to stick to Windows XP for the time being, an advice to switch to a different browser pretty much makes sense, so you should at least give Chrome or Firefox a try if you're yet to upgrade.