Use Chrome or Firefox when browsing, and if possible remove Flash and Java (I actually removed Flash about half a year ago for security reasons, and found that, for the most part, I don't really need it anymore). Note that this exploit was performed with the help of Flash as well - nothing to do with XP.
For those whose flash lockin is Youtube content (Let's Play videos), I finally found an answer to questions I'd explored months ago. We are forced to allow flash before seeing some monetized content. It's annoying how Google refuses to give you flash-less webm and mp4 streams and even lies that Flash is a must --until you force the right browser identification strings.
The Video without flash extension for firefox is a welcome solution for Youtube and some other mainstream sites known to have HTML5 video content.
The extension gets around the problem and you can use content such as mid-quality Webm. Though there are a few bad videos still, it's 100 times more effective than the rigged HTML5 "trial" youtube offers. I enjoy longer battery life. I also enjoy skipping like in olden times *without* a crippled default flash player that insists on DISCARDING the full video's past and future on *every* click.