James Delahunty
29 Apr 2014 6:43
The revelation of a vulnerability affecting all supported versions of Internet Explorer this week highlights the risks of continuing to run Windows XP without Microsoft's support behind it.
Earlier this month, Microsoft finally ended support for the Windows XP operating system after close to 13 years since it was first released. Coming up to that date, the Redmond-based giant persistently warned users clinging to the OS that it will be become far more risky to keep running Windows XP going forward.
Many home users, and even corporate/governmental networks still run Windows XP on systems. The UK government even paid Microsoft millions to provide extended support to avoid upgrading thousands of PCs that still run XP. For consumers and most businesses running XP though, there is no extended support.
This week, Microsoft has revealed a major vulnerability in Internet Explorer affecting all supported versions across all client operating systems, and didn't rule out an out-of-cycle update to fix the problem. Such an update is likely to be released with reports of the vulnerability being exploited in the wild, and with Patch Tuesday still a couple of weeks away.
For the vast majority of XP users however, there may be no patch. There have already been appeals to Microsoft to push out a patch on Windows XP systems too, but that's not likely to happen. Of course, some of the workaround methods proposed by Microsoft could help protect users of IE on Windows XP from this flaw, or an unofficial patch may surface.
Both of those solutions have problems however, the first being that workarounds (including disabling ActiveX and changing security settings) may break the functionality of some websites, and unofficial patches may be untrustworthy or have unintended consequences.
A third and more obvious option is to stop using Internet Explorer altogether, and both the UK and U.S. governments have urged avoidance of IE until it is patched on all Windows operating systems. However, even that can be problematic depending on the environment the PC is used in. In some corporate environments, IE is the be-all and end-all of browsers, and alternative browsers may not work with internal applications that make use of it.
For most consumers still running XP though, avoiding IE is a no-brainer, since alternatives like Firefox and Chrome will still receive security updates.
Nevertheless, this is the first major example of the risks of continuing to use Microsoft's dated operating system. This month it is a flaw in Internet Explorer, but what about next month? Eventually, a vulnerability will be found that will likely affect multiple operating systems, including XP, and only XP will remain unpatched.
Clinging to the past is never a good idea, and in this case it could be costly to do so. If you run Windows XP, find an alternative now before you have more reasons to do so.
Sources and Recommended Reading:
Microsoft Security Advisory 2963983: technet.microsoft.com