* This article has been updated.

It's been just three weeks since Microsoft ceased support for Windows XP, and a vulnerability has already been announced in all versions of Internet Explorer from 6 up through 11 that would allow a complete compromise of the affected system.

This vulnerability is present on Windows XP, which comes with Internet Explorer version 6, and supports Internet Explorer 7 and 8.  Due to Windows XP's end of life, this flaw will never be patched on Windows XP, leaving a significant percentage of computer users with an unsupported, potentially insecure operating system.

The only safe way to continue using Windows XP at this point is to immediately cease all usage of Internet Explorer.

NOTE: Before using either of these methods, it's a good idea to make sure you have another browser already installed on the computer, as it would be difficult to download the installer without any browser.

Some suggestions:

Mozilla Firefox

Google Chrome

 

For Windows XP Pro

NOTE: This is a more complicated method than the next one listed, but it's also more difficult to reverse by someone using your computer, so it's probably safer in the long run.

On Professional versions of Windows XP, this can be enforced using group policy, either on a domain networked computer, or a standalone computer. For a standalone computer, follow these steps under an administrator account:

  1. Click Start, then Run....
  2. In the Run dialog, type gpedit.msc and click OK. This will bring up the Group Policy editor.
  3. In the left hand frame, under the User Configuration tree, double click Administrative Templates.  This will expand a subtree.
  4. Within this expanded subtree, click System.
  5. In the right hand frame, find the entry for Don't run specified Windows applications.  Double click it.  This will bring up the settings dialog for the configuration option.
  6. Click the Enabled radio button (the "circular checkbox") close to the top. This should enable the Show... button beside List of disallowed applications.
  7. Click the Show... button. This will bring up the list of currently disallowed applications (titled Show Contents), which is probably empty.
  8. Click Add... at the right hand side.  In the text box that comes up, type iexplore.exe and click OK.
  9. Click OK in the Show Contents window.
  10. Click OK in the Don't run specified Windows applications Properties window.
  11. Close the Group Policy editor.
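
The setting configured in the steps above is stored in the registry under the current user's Policies\Explorer key: a DisallowRun DWORD that switches the policy on, and a DisallowRun subkey holding one string value per blocked program. The batch script below is an added example, not part of the original article; it only reads those values, using the reg.exe and findstr tools that ship with Windows XP, to confirm the block on iexplore.exe has reached the logged-on account.

```bat
@echo off
rem Added example: read-only audit of the "Don't run specified Windows
rem applications" policy for the account that runs this script.
setlocal
set "POL=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

rem 1. Policy switch: the DisallowRun value (REG_DWORD) must be 0x1.
reg query "%POL%" /v DisallowRun 2>nul | findstr /i /c:"0x1" >nul
if errorlevel 1 (
    echo FAIL: the DisallowRun policy is not enabled for this account
    exit /b 1
)

rem 2. Block list: the DisallowRun subkey holds the program names.
reg query "%POL%\DisallowRun" 2>nul | findstr /i /c:"iexplore.exe" >nul
if errorlevel 1 (
    echo FAIL: policy is enabled but iexplore.exe is not in the list
    exit /b 2
)

echo OK: iexplore.exe is on the disallowed list for this account
exit /b 0
```

Run it in the session of each account that should be restricted, after logging off and on again so the policy has been applied. The policy is enforced by Windows Explorer, and its own Explain text in the Group Policy editor notes that programs started from a command prompt are not blocked by it.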

 

For Windows XP Home or Pro

For computers running Windows XP Home with at least the Service Pack 1 update, the following is the only easy method to prevent Internet Explorer from running, although this method also works on Windows XP Pro with SP1:

  1. Click Start, then All Programs.
  2. At the very top of the program list, there should be an entry for Set Program Access and Defaults. Click it.
  3. In the dialog box that displays, there are three radio buttons: Microsoft Windows, Non-Microsoft, and Custom. Click the Custom radio button.
  4. In the section for Choose a default Web browser, find the entry for Internet Explorer, and clear the checkbox labelled Enable access to this program.
  5. Click OK. All standard shortcuts for Internet Explorer in the Start menu and on the desktop should be deleted.

 

UPDATE: Regardless of the fact that Windows XP was out of support when this vulnerability was discovered, Microsoft did, in fact, decide to release a patch for XP.

Despite this, another vulnerability was announced by ZDI on May 21, 2014 (after ZDI notified Microsoft of the problem on Oct 11, 2013) that will similarly allow an attacker to completely compromise your computer.  As of now, Microsoft has made no announcement that it will fix this problem on Windows XP, so the danger of using Windows XP has increased significantly since its April 8 end of life.