It appears XP users are basically screwed.
No, just the ones that read Forbes and believe its over-the-top, sensationalized version of the news.
Let's start with the title:
Microsoft Races To Fix Massive Internet Explorer Hack: No Fix For Windows XP Leaves 1 In 4 PCs Exposed
This is simply bullshit. It's the same size hole as any other phishing-scam-level attack vector...and just as easy to spot.
FireEye also revealed a sophisticated hacker group has already been exploiting the flaw in a campaign dubbed ‘Operation Clandestine Fox’, which targets US military and financial institutions.
...And by that I'll just assume it to mean the NSA has found a method/reason/excuse to rummage through their sister agency's knickers drawer.
FireEye spokesman Vitor De Souza declined to name the hackers or potential victims as the investigation is ongoing, only telling Reuters: “It’s unclear what the motives of this attack group are at this point. It appears to be broad-spectrum intel gathering.”
I'll just go with world domination by the NSA here ... It's what everybody with any sense is thinking already anyhow.
For its part Microsoft has confirmed the existence of the flaw in an official post. It gave limited information on the bug, but admitted “an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Oh FFS, they did not! The exploit gives the same rights that are assigned to the current user. If the user ain't an admin then neither is the bug. Standard security practices here, folks...there are reasons for them.
A Temporary Fix
While Microsoft rushes to fix the bug, FireEye gave concerned users two workarounds.
1. Use a web browser other than Internet Explorer
2. Disable Adobe Flash. “The attack will not work without Adobe Flash,” it said. “Disabling the Flash plugin within IE will prevent the exploit from functioning.”
While not the worst advice I've seen, it is still again total bullshit! Flash is the most common target, but CERT maintains that other file types can be used in the same fashion. That's why it's an IE bug, and not a Flash bug. But hey...no reason to keep the facts straight or anything. Because driving off a cliff is perfectly safe as long as you do it backwards, right? Wrong!!!
The remaining drivel is just more idiotically panic-toned RUN FOR YOUR LIVES!!!!!!!!!!!!!!!!!!!!! crap directed squarely at XP users ... Even though all MS OSes are equally as vulnerable as their security is configured.
The same basic sound security practices that "work" for Windows 8.1 will still work for XP.
The MS Enhanced Mitigation Experience Toolkit
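The three practical points the post lands on (browse as a non-admin, block the Flash ActiveX control inside IE, run EMET) can be audited on a Windows box. The script below is an added example, not code from the post, Forbes, FireEye or Microsoft; the Flash CLSID and the IE "ActiveX Compatibility" kill-bit convention are the standard ones, while the EMET install paths are an assumption.

```powershell
# Added audit script (not from the original post). Checks the mitigations discussed above:
#   1. the interactive user is not a local administrator (caps what an IE exploit can do),
#   2. the Flash ActiveX control carries IE's kill bit (the "disable Flash in IE" workaround),
#   3. EMET is present.
# Assumptions: Windows PowerShell 2.0 or later on the host being checked; EMET paths are assumed defaults.

$FlashClsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}'   # Shockwave Flash Object
$KillBitKey = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$FlashClsid"
$KillBit    = 0x400   # "Compatibility Flags" bit that tells IE never to instantiate the control

function Test-IsAdmin {
    # True when the current token is in the local Administrators role.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-FlashKillBit {
    # True only if the kill bit is set for the Flash CLSID; absence of the key means Flash can load.
    if (-not (Test-Path $KillBitKey)) { return $false }
    $flags = (Get-ItemProperty -Path $KillBitKey -ErrorAction SilentlyContinue).'Compatibility Flags'
    return ($flags -ne $null) -and (($flags -band $KillBit) -eq $KillBit)
}

function Set-FlashKillBit {
    # Needs an elevated prompt. ORs the bit in so any existing flags are preserved.
    # Affects IE only; Firefox/Chrome keep their own Flash plugins.
    if (-not (Test-Path $KillBitKey)) { New-Item -Path $KillBitKey -Force | Out-Null }
    $current = (Get-ItemProperty -Path $KillBitKey -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($current -eq $null) { $current = 0 }
    Set-ItemProperty -Path $KillBitKey -Name 'Compatibility Flags' -Value ($current -bor $KillBit) -Type DWord
}

function Test-EmetInstalled {
    # Assumed default install folders for EMET 4.x/5.x (e.g. "EMET 4.1", "EMET 5.2").
    $candidates = @("$env:ProgramFiles\EMET*\EMET_GUI.exe", "${env:ProgramFiles(x86)}\EMET*\EMET_GUI.exe")
    foreach ($p in $candidates) { if (Test-Path $p) { return $true } }
    return $false
}

"Running as admin   : $(Test-IsAdmin)   (should be False for day-to-day browsing)"
"Flash blocked in IE: $(Test-FlashKillBit)"
"EMET installed     : $(Test-EmetInstalled)"
```

Run it as the everyday user account to check the first line; call Set-FlashKillBit from an elevated prompt only if you want to apply the IE-only Flash block.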