Microsoft’s Internet Explorer Gets Hit by ‘Operation Clandestine Fox’ -- What You Need to Know

The U.S. Department of Homeland Security has just advised Americans to not use Microsoft's (NASDAQ: MSFT  ) Internet Explorer browser until a serious security flaw can be resolved.

The flaw -- which allows malicious hackers to circumvent security measures in Windows operating systems when compromised websites are visited -- exploits a corrupted Adobe (NASDAQ: ADBE  ) Flash file to attack the victim's computer. FireEye Research Labs, which discovered the bug, has stated that the hackers exploiting the bug are calling the attack "Operation Clandestine Fox."

In response, Microsoft stated that it was working to repair the vulnerability in versions 6 through 11 of IE, although Windows XP users -- who lost support earlier this month -- will be left without a fix. Windows XP is still installed on 28% of the world's operating systems.

IE users should take measures to protect themselves from Clandestine Fox. Source: Microsoft.

However, Symantec (NASDAQ: SYMC  ) , the makers of Norton Antivirus, recently released a tool for XP users to protect themselves from the bug. Microsoft has advised downloading its Enhanced Mitigation Experience Toolkit version 4.1 to guard against attacks. FireEye has stated that disabling Adobe's Flash plugin can temporarily fix the issue across all platforms.

At the time of this writing, Microsoft has not released a fix for the bug yet -- a dire problem considering that nearly 57% of all PCs worldwide run one of the affected versions of IE.

What Operation Clandestine Fox means for Microsoft
Operation Clandestine Fox could mean a few things for Microsoft. First, it ironically benefits the company, since this could be the canary in the coal mine that tells late adopters that it's finally time to let go of XP.

However, that sales boost will come at the expense of Microsoft's reputation. Microsoft's operating systems -- both on PCs and Xbox consoles -- have long been riddled with security flaws.

ATMs running on Windows XP were repeatedly hit by USB drive and text-message based hacks. Last month, a 5-year-old boy discovered a security flaw in the Xbox One, simply by typing a series of spaces when prompted for a password. Problems like these often lead critics to claim that Linux distributions or Apple's (NASDAQ: AAPL  ) Mac OS are much safer alternatives to Windows.

95% of ATMs across the world still run on Windows XP. Source: Imgdonkey. 

Yet in reality, PCs running Microsoft Windows are popular targets for hackers simply because they comprise the vast majority of the computers in the world. It's simply a wasted effort to write a virus targeting Macs or Linux systems, which together only account for 5% of the world's computers.

What Operation Clandestine Fox means for Google
A Homeland Security-issued warning against Microsoft's Internet Explorer could be a boon for Google (NASDAQ: GOOG  ) (NASDAQ: GOOGL  ) Chrome, which accounts for 12.7% of all PC web browsers worldwide. If Microsoft can't solve its Clandestine Fox issue soon, Chrome could experience a spike in market share.

Google intends for Chrome to house its cloud-based apps, such as Drive, GMail, and YouTube, in a miniature operating system. This mini-OS approach has been seen before in Chrome OS and the Windows 8 version of Chrome, which adds a Google Apps-based taskbar to the bottom of the screen. Chrome's greatest advantage over IE is that it quietly synchronizes search histories, bookmarks, and even autocomplete form information across multiple devices.

Therefore, users abandoning IE for Chrome might eventually get drawn into Google's ecosystem, ditching Outlook for Gmail, OneDrive for Drive, and Bing Maps for Google Maps. That will lead straight to an increased dependence on Google's ecosystem -- the vital engine that keeps sales of Android devices churning along.

What Operation Clandestine Fox means for Adobe
While this is certainly a black eye for Microsoft, it could be far worse for Adobe, which has been struggling to convert itself from a packaged software company to a cloud-based subscription one.

Adobe's reputation was severely tarnished last October after hackers broke into its servers and stole customer account information and the source code for Adobe's top products such as Adobe Acrobat and ColdFusion. The theft of the ColdFusion source code is especially troubling, since it supports the newer HTML5 standard used by many mobile apps. As a result, hackers could use the ColdFusion source code as an open guidebook to create dangerous exploits.

Meanwhile, Adobe Flash, which was directly implicated in the Clandestine Fox hack, has been exploited many times in the past. Like Javascript, Flash can execute malicious code via a plugin on a webpage upon loading to circumvent a computer's security protocols and steal information.

In 2010, Steve Jobs called Flash "the number one reason Macs crash." He also cited Symantec's statement that Flash had "one of the worst security records." Four years later, Operation Clandestine Fox looks like a firm validation of Jobs' declaration.

The next step
At the moment, there's not much computer users can do except avoid using IE and disable Adobe's Flash plugins. However, the hackers behind Operation Clandestine Fox claim that the exploit is part of an ongoing campaign, which means that this "bug" could actually be much more vicious and dynamic than a simple virus.

The longer this debacle drags on, the worse it will get for Microsoft and Adobe. Microsoft will struggle with keeping its IE users from flocking to Chrome, while Adobe will have a tough time convincing its corporate customers that it takes cloud-based security seriously.

6 stock picks poised for incredible growth
They said it couldn't be done. But David Gardner has proved them wrong time, and time, and time again with stock returns like 926%, 2,239%, and 4,371%. In fact, just recently one of his favorite stocks became a 100-bagger. And he's ready to do it again. You can uncover his scientific approach to crushing the market and his carefully chosen six picks for ultimate growth instantly, because he's making this premium report free for you today. Click here now for access.


Read/Post Comments (15) | Recommend This Article (27)

Comments from our Foolish Readers

Help us keep this a respectfully Foolish area! This is a place for our readers to discuss, debate, and learn more about the Foolish investing topic you read about above. Help us keep it clean and safe. If you believe a comment is abusive or otherwise violates our Fool's Rules, please report it via the Report this Comment Report this Comment icon found on every comment.

  • Report this Comment On April 29, 2014, at 11:28 AM, stockdissector wrote:

    Informative piece Leo. Thanks.

  • Report this Comment On April 29, 2014, at 11:59 AM, Maelona wrote:

    I have disabled Flash on Firefox and I cannot see the videos on fool.com. Is there an alternative way to handle this so I can see the data on fool.com.

  • Report this Comment On April 29, 2014, at 12:08 PM, SunDevilDon wrote:

    There are other browser options besides Chrome that even Windows XP user's can consider, like FireFox and Opera. I've used FireFox for years and have been happy with it. But then, I also run Linux most of the time, so IE is a non-starter for me. :-)

    http://www.mozilla.org/en-US/firefox/new/

    http://www.opera.com/

  • Report this Comment On April 29, 2014, at 12:12 PM, SunDevilDon wrote:

    @Maelona I had the same problem and ended up re-enabling Flash. Hoping HTML5 will eventually eliminate the need fro Flash. :-(

  • Report this Comment On April 29, 2014, at 12:46 PM, Maelona wrote:

    Thanks SunDevilDon!

  • Report this Comment On April 30, 2014, at 8:20 AM, motleyLiam wrote:

    Seems like the attention should be on Adobe, for the Flash exploit, rather than the IE browser.

  • Report this Comment On April 30, 2014, at 9:27 AM, nkeaton wrote:

    HERE IN A NUTSHELL IS A FAIL SAFE WAY TO KEEP OR REINSTALL XP

    MALWAREBYTES PRO AND MICROSOFT SECURITY ESSENTIALS

    EXCLUDING EACH OTHER FOR EXTRA PROTECTION

    ZONE ALARM PRO WITH TOOLBAR FOR EXTRA PROTECTION.

    SANDBOXED (SANDBOXIE) WEB BROWSER

    KEYSCRAMBLER PROFESSIONAL

    LIFELOCK

    FIREFOX OR CHROME AND OPENOFFICE INSTEAD OF MICROSOFT OFFICE.

    NOTE: BECAUSE I HAVE YAHOO EMAIL, I HAVE TO RUN SANDBOXIE IN FIREFOX EACH TIME I WANT TO OPEN UP FIREFOX TO GET TO YAHOO SIGN-IN

    OTHER FILES ON MY PC I HAVE TO RUN SANDBOXIE ONLY ONCE.

  • Report this Comment On April 30, 2014, at 9:30 AM, nkeaton wrote:

    Sorry for the caps. i have a broken right hand and i need to see what i touch type.

  • Report this Comment On April 30, 2014, at 9:44 AM, nkeaton wrote:

    Here in a nutshell is a fail safe way to keep or reinstall XP

    Malwarebytes Pro and Microsoft Security Essentials excluding each other for extra protection.

    Zone Alarm Pro with Toolbar for extra protection

    Sandboxed (Sandboxie) web browser

    KeyScrambler Professional

    Likelock

    Firefox or Chrome and OpenOffice instead of Microsoft Office

    Note: Because if have Yahoo email, I have to run Sandboxie in Firefox each time i want to open up Firefox to get to yahoo sign-in

    Other files on my PC I have to run Sandboxie only once.

  • Report this Comment On April 30, 2014, at 10:50 AM, eldernorm wrote:

    Hmmmm, not a bad article but when writers post the old myth... "Yet in reality, PCs running Microsoft Windows are popular targets for hackers simply because they comprise the vast majority of the computers in the world. It's simply a wasted effort to write a virus targeting Macs or Linux systems, which together only account for 5% of the world's computers." they lose serious credibility.

    Mac computers have been increasing every year over the last 5 years and PCs have been declining, big time. Also, most bloggers use windows used in gas pumps, kiosks, etc that while are sales numbers are not really on computers as we know them.

    Last thought. If we look at tablets (high level ones not the $59 specials) we see Apple selling the most computers in the world.

    OK, off my soap box, but I feel its a point well made. Apple hardware is growing by leaps and bounds and while its not the largest in the world, as you pointed out "In 2010, Steve Jobs called Flash "the number one reason Macs crash." He also cited Symantec's statement that Flash had "one of the worst security records." Four years later, Operation Clandestine Fox looks like a firm validation of Jobs' declaration."

    ALso, the most recent SSL issue does not affect Macs as they moved off that protocol years ago.

    Just saying.

  • Report this Comment On April 30, 2014, at 2:27 PM, JoeLemon wrote:

    Everything you just said was actually wrong. Macs were gaining market share for a while, but the last few years Macs have been losing market share. PC sales have been declining, but so have Mac sales. Even the iPad isn't selling well. The ipad badly undersold what it was expected too. People aren't buying because a 3-4 year old device works fine.

    Every year there is a hacker convention where they try to break in Mac, different versions of Linux and Windows. Every year Mac is far and away the worst. They usually can break into it in less then 30 mins where Windows might take a couple hours. In fact 25% of all macs have a virus/malware. People have this idea that there is going to be some popup saying you have a virus. 90% of them run in the background without you even knowing you have it. Since mac people think they can't get a virus they use 0 common sense and get them.

    SSL is on the server not the computer. It is the web site you connect to that has the issue. Apple fanboys don't know anything at all but are big know it alls. If apple didn't support SSL then any website you went to that required it wouldn't work. That is all web sites that require you to login. It is also the web browser that supports it not the OS.

  • Report this Comment On April 30, 2014, at 2:28 PM, JoeLemon wrote:

    Oh and it is Windows CE not windows in those type of machines. They aren't counted with the regular windows sales.

  • Report this Comment On April 30, 2014, at 6:34 PM, DKtucson wrote:

    Linux pc's make up a HUGE percentage of the server market as well as tablets and any flavor of android. Net-top pc's running Ubuntu are being sold like hotcakes from outlets like newegg.com. The truth of the matter is that in a linux desktop you must have root privaleges to install anything and code is scrutinized by the open source community for any chicanery and yes, there is AV for linux--normally used on a server side to scan mail destined for windows users

  • Report this Comment On April 30, 2014, at 11:12 PM, RonHyatt wrote:

    Hey, Motley Fool? Just now figuring that out? Most of us have know that IE was a security breach sinc 1998, at least. So, how great is your investment advice?

  • Report this Comment On May 01, 2014, at 12:18 AM, Theinsultedelf wrote:

    Just how much is M$ paying all these hacks in all these articles to bash XP every chance they get. It's not going to get people to buy new computers infected with that mobile phone OS called Win8 .

    We get it M$ you irresponsibly dropped support for XP which still has ~30% of the market if no more to try and force people against against their will to change.

    We get it M$ you are punishing customers that refuse to upgrade to newer OS's buy throwing them under the bus. T

    Unless M$ plans on replacing my quad gaming rig which the lightening fried and that I had my beloved Win7 64 on it, I am stuck using this backup single core P4 rig and XP for the foreseeable future. Sorry M$ but $100 don't help me at all.

    As for IE it's been garbage for years. I switched to Foxfire an then to Chrome which is what I use now.

Add your comment.

Sponsored Links

Leaked: Apple's Next Smart Device
(Warning, it may shock you)
The secret is out... experts are predicting 458 million of these types of devices will be sold per year. 1 hyper-growth company stands to rake in maximum profit - and it's NOT Apple. Show me Apple's new smart gizmo!

DocumentId: 2934181, ~/Articles/ArticleHandler.aspx, 11/20/2014 10:04:15 PM

Report This Comment

Use this area to report a comment that you believe is in violation of the community guidelines. Our team will review the entry and take any appropriate action.

Sending report...


Advertisement