NEW YORK (TheStreet) -- Researchers have uncovered a major new vulnerability for most versions of Microsoft's (MSFT) Internet Explorer Web browser. While Microsoft is reportedly working on a fix, the bad news is that there won't be an easy solution for people sticking with Windows XP despite previous warnings.
After more than 12 years, Microsoft ended its support of Windows XP and all versions of Internet Explorer for XP three weeks ago. At that time, the company released its final security update for the operating system, saying it would no longer provide monthly, automatic XP security patches for free. New critical patches will be made available only to paid "Custom Support" subscribers.
There are additional reports Microsoft will continue to provide updates to its Security Essentials virus definitions and Malicious Software Removal Tool until July 14, 2015. Win XP users will reportedly have to manually download and install those updates.
Microsoft shares were up 0.23% to $40 in premarket trading in New York.
According to Microsoft, the just discovered IE problem (Log-in required) is a remote code execution vulnerability. "The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website."
The problem exists for all versions of the browser beginning with Internet Explorer 6 and running through the current Internet Explorer 11 which is standard equipment on Windows 8.1 and 8.1 RT computers.
Microsoft isn't saying exactly what it will do to fix the problem but promises to "take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs."
Security experts at FireEye said they've already found a problem. This newly discovered vulnerability uses what is described as a "well-known (Adobe (ADBE)) Flash exploitation" to bypass current Windows protections.
Microsoft continues to suggest that XP users upgrade their computers to currently supported versions of the operating system including Windows 7 or Windows 8.1. Microsoft has offered XP users a special "express" version of Laplink's PCmover software to help migrate older data to newer systems.
-- Written by Gary Krakow in New York.
To submit a news tip, send an email to firstname.lastname@example.org.