It’s difficult for us to advise organizations to spend money, but sometimes it has to be done.
In this case, if you haven’t already done so it’s time to do some heavy thinking about getting off Windows XP.
It’s a fine operating system, but it is stuck with Microsoft’s Internet Explorer 8, an outdated browser. Only WinVista, Win7 and Win8 can use the safer IE9 and IE10. Smart organizations still on WinXP insist staff use Firefox or Chrome.
Globally, an estimated 45 per cent of desktops were still using XP a year ago, although that includes consumer and corporate environments. IDC Canada believed that as of last September about 30 per cent of of commercial portable PCs in Canada were running WinXP (with just over 61 per cent on Win7.)
It matters because as 2012 closed Microsoft issued a quick fix for a vulnerability that has been discovered in IE8, 7 and 6.
An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This patch will have to do until Microsoft delivers a formal fix.
Naked Security, the blog of security firm Sophos, said one Web site is known to have carried the vulnerability, that of the Council on Foreign Relations.