XP users set to miss out on IE patch

Summary:As Microsoft grapples with the latest Internet Explorer security issue, users of its now unsupported, but still popular, Windows XP will be bypassed by the fix.

Update: On May 1, Microsoft issued a patch for Windows XP

Microsoft is scrambling to repair a security hole in its widely used Internet Explorer web browser, saying it had detected attempts to exploit the flaw.

The US software giant said in a blog post the coding problem affected versions six through 11 of its flagship browser, noting it was aware of "limited, targeted attacks" taking advantage of the newly discovered flaw.

The exploit uses Flash and a technique called heap feng shui , which Microsoft says can allow an attacker who successfully exploits the vulnerability to gain the same user rights as a user.

"The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer," Microsoft said on its security website on Saturday.

"An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website."

Cybersecurity firm FireEye, which took credit for identifying the flaw, said hackers were exploiting the bug in a campaign nicknamed "Operation Clandestine Fox."

Users still relying on Windows XP could be especially vulnerable because Microsoft stopped earlier this month supporting the older operating system with security patches and other software updates.

Despite the end of support for Windows XP being signalled by Microsoft for some time, and the software giant advising users to move to the more modern Windows 7 or Windows 8 versions of its operating system, Windows XP still enjoys a global market share of almost 29 percent, according to NetMarketShare.

Late last week, it was revealed that Microsoft was part of a consortium of tech giants that signed up to establish the Core Infrastructure Initiative , which will help secure and fund critical open source projects that are under-funded, of which OpenSSL will be the first.

Earlier this month, the Heartbleed flaw in OpenSSL saw everyone from website operators and bank officials to casual internet surfers and governments being told their data could be in danger.

Heartbleed allowed hackers to snatch packets of data from working memory in computers, creating the potential for them to steal passwords, encryption keys, or other valuable information.

Topics: Security, Microsoft, Windows

About

Chris started his journalistic adventure in 2006 as the Editor of Builder AU after originally joining CBS as a programmer. After a Canadian sojourn, he returned in 2011 as the Editor of TechRepublic Australia, and is now the Australian Editor of ZDNet.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.