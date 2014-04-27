| BOSTON, April 27
BOSTON, April 27 Microsoft Corp is
rushing to fix a bug in its widely used Internet Explorer web
browser after a computer security firm disclosed the flaw over
the weekend, saying hackers have already exploited it in attacks
on some U.S. companies.
PCs running Windows XP will not receive any updates fixing
that bug when they are released, however, because Microsoft
stopped supporting the 13-year-old operating system earlier this
month. Security firms estimate that between 15 and 25 percent of
the world's PCs still run Windows XP
Microsoft disclosed on Saturday its plans to fix the bug in
an advisory to its customers posted on its security website,
which it said is present in Internet Explorer versions 6 to 11.
Those versions dominate desktop browsing, accounting for 55
percent of the PC browser market, according to tech research
firm NetMarketShare.
Cybersecurity software maker FireEye Inc said that
a sophisticated group of hackers have been exploiting the bug in
a campaign dubbed "Operation Clandestine Fox."
FireEye, whose Mandiant division helps companies respond to
cyber attacks, declined to name specific victims or identify the
group of hackers, saying that an investigation into the matter
is still active.
"It's a campaign of targeted attacks seemingly against
U.S.-based firms, currently tied to defense and financial
sectors,"
FireEye spokesman Vitor De Souza said via email. "It's unclear
what the motives of this attack group are, at this point. It
appears to be broad-spectrum intel gathering."
He declined to elaborate, though he said one way to protect
against them would be to switch to another browser.
Microsoft said in the advisory that the vulnerability could
allow a hacker to take complete control of an affected system,
then do things such as viewing changing, or deleting data,
installing malicious programs, or creating accounts that would
give hackers full user rights.
FireEye and Microsoft have not provided much information
about the security flaw or the approach that hackers could use
to figure out how to exploit it, said Aviv Raff, chief
technology officer of cybersecurity firm Seculert.
Yet other groups of hackers are now racing to learn more
about it so they can launch similar attacks before Microsoft
prepares a security update, Raff said.
"Microsoft should move fast," he said. "This will snowball."
Still, he cautioned that Windows XP users will not benefit
from that update since Microsoft has just halted support for
that product.
The software maker said in a statement to Reuters that it
advises Windows XP users to upgrade to one of two most recently
versions of its operating system, Windows 7 or 8.
(Reporting by Jim Finkle; Editing by Diane Craft)