The hackers are calling it Clandestine Fox. It’s a hack that affects Internet Explorer users running Adobe Flash (so, that’s most or all of them). It works on any version from 6 through 11, though versions 10 and 11 are targets. And it can compromise your PC.
Here’s how it works: an attacker injects a bit of code into a site that you like to visit. When you then visit that site, the code can infect your PC and help the attacker gain access to it.
What does the fox say? “Don’t use Internet Explorer.”
Microsoft might release a fix between now and their usual patch period, the second Tuesday of the month, but there’s no guarantee. The catch is, this fix only works on operating systems newer than Windows XP. There is no fix for XP planned, because Microsoft has discontinued support. What we were afraid of has happened — the first major hack that takes advantage of the lack of security updates for that old operating system. This is only the first of many, so it’s a good idea to cease using XP sooner, rather than later.
If you’re using Vista, Windows 7, or Windows 8, and you’re waiting on a fix, the best solution is to either disable Flash in IE completely (in other words, uninstall it from Control Panel) or use a different web browser, like Google Chrome or the newly redesigned Mozilla Firefox.
Microsoft has a lot more details about Clandestine Fox on their site, as well as a few complicated workarounds that are outside the scope of this article. If you’re unwilling or unable to use another browser, you might want to give these workarounds a try. Again, these aren’t fixes, as Microsoft hasn’t released one yet.
Update
Microsoft decided to release a patch today, May 1, 2014, and they even patched Windows XP, something Microsoft previously said they wouldn’t do. Grab the Internet Explorer patch here for all versions of Windows.