Internet Explorer 8 allegedly has a serious security flaw that would allow an attacker to remotely take control of a user's computer. And since Windows XP users can't upgrade to a more modern version of the popular browser and won't be receiving any more official security updates, it's XP users who are most at risk.
What's more, Microsoft allegedly knew about this flaw back in October, and did nothing, according to Zero Day Initiative, an HP-sponsored program that rewards security experts for finding software flaws. Since that time, Microsoft has stopped issuing security updates for Windows XP and all programs for that operating system, effectively leaving XP users stuck with a flaw it allegedly had time to fix.
Discovered by Belgian security researcher Peter Van Eeckhoutte of ZDI, this IE 8 bug reportedly has to do with remote code execution, which is when criminals seize control of an affected computer, allowing them to download malware without the user's knowledge.
To do so, the criminals would have to trick users into using IE 8 to visit a webpage infected with specially crafted malware designed to seek out and exploit this specific flaw.
IE 8 is the only version affected by this flaw. Microsoft might still patch IE 8 on its more recent operating systems such as Vista, but it's unlikely that the XP version of IE 8 will ever get another security update, and XP is where IE 8 is most widely used.
On April 8 Microsoft issued its final security patches for Windows XP, including patches for other IE flaws. Even after that, Microsoft released one more emergency patch for Internet Explorer 6 through 11, including Internet Explorer 8 on Windows XP, which addressed a different zero-day flaw.
ZDI says that on May 8 it told Microsoft that it would go public with the Internet Explorer 8 flaw it found. Today it did so, posting an advisory on its website.
The Internet Explorer 8 issue is a "use-after-free" flaw, a type of memory-management bug in which a program keeps using an object after the memory holding it has been freed. In IE 8, it pertains to the way the browser handles CMarkup objects.
Although Windows XP is no longer supported, an estimated 20 to 30 percent of users worldwide still use it. That means a good number of them use Internet Explorer 8, the default browser on that system.
If you're still using Windows XP and you can't update for whatever reason, you should stop using Internet Explorer. Instead, use a browser such as Chrome, Firefox or Aviator, all of which continue to support their XP versions.
You should also be hyper-vigilant about any kind of suspicious emails, hyperlinks or popup advertisements. Do not click on anything unless you trust its source.
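For administrators who need to find the machines this advice applies to, the following added example (not part of the original article) scans web proxy logs for clients still browsing with IE 8 and separates those on Windows XP from those on other Windows versions. The log layout (client IP followed by a quoted User-Agent) and the sample lines are constructed for illustration; the User-Agent tokens are the ones IE 8 sends.

```python
import re
from collections import defaultdict

# Constructed sample proxy log lines: client IP, then the quoted User-Agent.
SAMPLE_LOG = '''\
10.0.0.11 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
10.0.0.12 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)"
10.0.0.13 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0)"
10.0.0.14 "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 Chrome/34.0.1847.137 Safari/537.36"
10.0.0.15 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
10.0.0.11 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
'''

LINE_RE = re.compile(r'^(\S+)\s+"([^"]*)"\s*$')
NT_RE = re.compile(r'Windows NT (\d+\.\d+)')
XP_NT_VERSIONS = {"5.1", "5.2"}  # 5.1 = XP, 5.2 = XP x64 (also Server 2003)

def is_ie8(ua):
    # IE 8 reports "MSIE 8.0"; in Compatibility View it claims "MSIE 7.0"
    # but still carries the Trident/4.0 engine token.
    return "MSIE 8.0" in ua or ("MSIE " in ua and "Trident/4.0" in ua)

def classify(ua):
    """Return 'ie8-on-xp', 'ie8-other-windows', or None."""
    if not is_ie8(ua):
        return None
    m = NT_RE.search(ua)
    if m and m.group(1) in XP_NT_VERSIONS:
        return "ie8-on-xp"
    return "ie8-other-windows"

def at_risk_clients(log_text):
    """Map each category to the sorted list of client IPs seen in it."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines
        category = classify(m.group(2))
        if category:
            found[category].add(m.group(1))
    return {k: sorted(v) for k, v in found.items()}

if __name__ == "__main__":
    for category, clients in at_risk_clients(SAMPLE_LOG).items():
        print(category, clients)
```

User-Agent strings can be altered by the client or by intermediaries, so treat the result as a starting inventory to confirm against asset records.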