Windows XP users, including at least one Central Texas government entity, are getting their first taste of life without security updates after the discovery of a major flaw within the Internet Explorer Web browser.
Microsoft Corp. issued a warning regarding the flaw last weekend, saying it affects Internet Explorer versions 6 through 11. The vulnerability makes it possible for hackers to take control of a user’s computer after it has been infected with malicious code.
The bug was discovered by FireEye, a security company, which said hackers are sending out emails with links to websites that contain malicious code. If users click on a link to one of these websites while using Internet Explorer, it is likely that hackers will gain control of their machines.
For now, security experts advise that Windows users avoid Internet Explorer until Microsoft issues a patch for the problem, which will likely happen May 13. But that patch will not protect users of Windows XP.
That’s because Microsoft stopped supporting Windows XP earlier this month. After 13 years of maintaining Windows XP, Microsoft said it would no longer issue security updates for the popular operating system.
Most Central Texas governments upgraded to a newer version of Windows beyond XP, but Killeen still has several computers using the older operating system.
“About half of our computers are using Windows XP, and most are using a version of Internet Explorer,” said Hilary Shine, city spokeswoman, in an email.
The city is aware of the issue and has taken precautions to avoid such an attack on a city computer. “We have up-to-date virus and malware software in place and are monitoring our systems to prevent or respond to hacking,” Shine said.
Microsoft urged users of Windows XP to either upgrade their operating systems or buy a new machine, because the company would not issue solutions for future vulnerabilities.
“This is the first critical Internet Explorer exploit that will not be fixed for Windows XP users ever,” said Bogdan Botezatu, a senior e-threat analyst at Bitdefender, a security firm. “This exploit will stay working forever” until (Windows XP users) move to a different operating system.
Killeen has an annual replacement program, and the computers using the Windows XP operating systems are being replaced as part of the program as needed, Shine said.
Botezatu recommends Windows XP users do not use Internet Explorer ever again.
Those who wish to remain on Windows XP should use Web browsers that still support the outdated operating system.
Among those is Google Chrome. Last year, Google said Chrome will continue to support Windows XP at least until early 2015.
Botezatu said Mozilla’s Firefox also is a good option.
For now, Windows XP users have a way to work around the problem, but the next time a major issue is discovered, they may not be so lucky, he said.
Windows XP users should see this Internet Explorer incident as a lesson, because the next time hackers might find a bridge in a critical component of Windows, without which Windows itself would not work, Botezatu said.
Killeen Daily Herald staff writers contributed to this article.