NEW YORK (TheStreet) -- Researchers have uncovered a major new vulnerability for most versions of Microsoft's (MSFT) Internet Explorer Web browser. While Microsoft is reportedly working on a fix, the bad news is that there won't be an easy solution for people sticking with Windows XP despite previous warnings.
After more than 12 years, Microsoft ended its support of Windows XP and all versions of Internet Explorer for XP three weeks ago. At that time, the company released its final security update for the operating system, saying it would no longer provide monthly, automatic XP security patches for free. New critical patches will be made available only to paid "Custom Support" subscribers.
There are additional reports Microsoft will continue to provide updates to its Security Essentials virus definitions and Malicious Software Removal Tool until July 14, 2015. Win XP users will reportedly have to manually download and install those updates.
Microsoft shares were up 0.23% to $40 in premarket trading in New York.
According to Microsoft, the just discovered IE problem (Log-in required) is a remote code execution vulnerability. "The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website."
The problem exists for all versions of the browser beginning with Internet Explorer 6 and running through the current Internet Explorer 11 which is standard equipment on Windows 8.1 and 8.1 RT computers.