NEW YORK (TheStreet) -- Researchers have uncovered a major new vulnerability for most versions of Microsoft's (MSFT) Internet Explorer Web browser. While Microsoft is reportedly working on a fix, the bad news is that there won't be an easy solution for people sticking with Windows XP despite previous warnings.
After more than 12 years, Microsoft ended its support of Windows XP and all versions of Internet Explorer for XP three weeks ago. At that time, the company released its final security update for the operating system, saying it would no longer provide monthly, automatic XP security patches for free. New critical patches will be made available only to paid "Custom Support" subscribers.
There are additional reports Microsoft will continue to provide updates to its Security Essentials virus definitions and Malicious Software Removal Tool until July 14, 2015. Win XP users will reportedly have to manually download and install those updates.
Microsoft shares were up 0.23% to $40 in premarket trading in New York.According to Microsoft, the just discovered IE problem (Log-in required) is a remote code execution vulnerability. "The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website." The problem exists for all versions of the browser beginning with Internet Explorer 6 and running through the current Internet Explorer 11 which is standard equipment on Windows 8.1 and 8.1 RT computers. Microsoft isn't saying exactly what it will do to fix the problem but promises to "take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs." Security experts at FireEye said they've already found a problem. This newly discovered vulnerability uses what is described as a "well-known (Adobe (ADBE)) Flash exploitation" to bypass current Windows protections. Microsoft continues to suggest that XP users upgrade their computers to currently supported versions of the operating system including Windows 7 or Windows 8.1. Microsoft has offered XP users a special "express" version of Laplink's PCmover software to help migrate older data to newer systems.
-- Written by Gary Krakow in New York.
To submit a news tip, send an email to email@example.com.
Select the service that is right for you!COMPARE ALL SERVICES
- $2.5+ million portfolio
- Large-cap and dividend focus
- Intraday trade alerts from Cramer
- Weekly roundups
Access the tool that DOMINATES the Russell 2000 and the S&P 500.
- Buy, hold, or sell recommendations for over 4,300 stocks
- Unlimited research reports on your favorite stocks
- A custom stock screener
- Upgrade/downgrade alerts
- Diversified model portfolio of dividend stocks
- Alerts when market news affect the portfolio
- Bi-weekly updates with exact steps to take - BUY, HOLD, SELL
- Real Money + Doug Kass Plus 15 more Wall Street Pros
- Intraday commentary & news
- Ultra-actionable trading ideas
- 100+ monthly options trading ideas
- Actionable options commentary & news
- Real-time trading community
- Options TV