Hackers Find First Post-Retirement Windows XP-Related Vulnerability

  • 28 April 2014

Microsoft on Saturday told customers that cybercriminals are exploiting an unpatched and critical vulnerability in Internet Explorer (IE) using "drive-by" attacks.
"Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11," the company said in a security advisory.
 
According to Microsoft, the attacks have been launched against IE users tricked into visiting malicious websites. Such attacks, dubbed "drive-bys," are among the most dangerous because a vulnerable browser can be hacked as soon as its user surfs to the URL.
All currently-supported versions of IE are at risk, Microsoft said, including 2001's IE6, which still receives patches on Windows Server 2003. The same browser will not be repaired on Windows XP, as the operating system was retired from patch support on April 8.
 
The IE flaw was the first post-retirement bug affecting XP.
And that's important.
Because Microsoft will eventually patch the drive-by bug in IE6, IE7 and IE8, then deliver those patches to PCs running Windows Vista and Windows 7, it's likely that hackers will be able to uncover the flaw in the browsers' code, then exploit it on the same browsers running on Windows XP.
Microsoft said that was the biggest risk of running XP -- and IE on it -- after the operating system was retired, claiming last year that XP was 66% more likely to be infected with malware once patching stopped.

2 replies

It was only a matter of time.

WONTFIX: Hackers seize Internet Explorer bug, no patch for Windows XP

https:///t5/Security-Industry-News/WONTFIX-Hackers-seize-Internet-Explorer-bug-no-patch-for-Windows/td-p/104422 35 seconds ago

IE 6 to 11 puts Win PCs at risk of hijacking, fix coming – but not for dead OSes

By Simon Sharwood, 27 Apr 2014

Microsoft has warned of a new flaw in all available versions of its Internet Explorer web browser.
 
Vulnerability CVE-2014-1776, to give the problem its formal name, allows miscreants to hijack at-risk Windows computers. It's all due to "the way Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated", the software giant explained on Saturday.
The flaw means the browser "may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer".
 
"Microsoft is aware of limited, targeted attacks that attempt to exploit [this] vulnerability in Internet Explorer," the software giant added.
 
"An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website."
