What is Operation Clandestine Fox?
Last weekend an internet research lab announced a new security vulnerability in Internet Explorer. According to FireEye Labs, hackers have been taking advantage of the bug in targeted attacks of American websites.
The security flaw affects version 6 to 11 of Internet Explorer through a vulnerability in the Flash code for viewing photos and videos online. It allows hackers to gain user rights to the computer and take full control, installing software, viewing personal information, and accessing sites like Facebook and Twitter.
For hackers to gain this control the user is required to activate a malicious link, so it is extremely important to be watchful of the sites you’re visiting and the links you’re clicking – never run a code or program that you don’t trust completely.
According to Microsoft’s own press release, hackers exploiting this vulnerability have been targeting carefully selected American entities, including the Defense Department, in an attack they are calling Operation Clandestine Fox. However, since having been made public on April 26, other groups have begun to exploit it in more broadly targeted attacks.
What can you do?
In short, the best way to stay safe from this threat is to stay away from Internet Explorer and use another web browser, such as Firefox, Chrome, or Safari. Statistics show that more than 58% of internet users continue to browse with Internet Explorer.
Note: Windows XP will not receive a patch
Turning to operating systems, the most affected has of course been Windows XP. Don’t forget that, as we have already explained, since April 8 2014, Microsoft is no longer issuing security updates for the OS, which is still being used on more than 25% of worldwide computers. As a result of the end of support, security risks to Windows XP systems will continue to accumulate over time, and this vulnerability is just the first example. There will certainly be more (there may in fact already be).
If you’re still running Windows XP, view this incident as a call-to-action: The risks are real. This particular bug is so critical that the Department of Homeland Security in the United States has advised Windows XP users to stop using Internet Explorer altogether.
Our friends at Digital Trends have reported that "In a surprising reversal of policy, Microsoft has decided to issue a patch for Windows XP-based users of their Internet Explorer Web browser, Reuters reports. The flaw was slated to go un-patched for Windows XP, which would have permanently left the versions of Internet Explorer that are compatible with the dated OS vulnerable to the flaw… “We decided to fix it, fix it fast, and fix it for all our customers,” Microsoft spokeswoman Adrienne Hall said in a statement." (source)