A security vulnerability affecting recent versions of Internet Explorer will not be patched for Windows XP users
Microsoft has warned customers that a vulnerability in its Internet Explorer browser could allow hackers to gain access to their computers.
The flaw affects Internet Explorer versions 6 to 11, representing more than a quarter of the global browser market, according to NetMarket Share. Microsoft said that it was aware of “limited, targeted attacks” that exploit the flaw.
“An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” the company said in a security advisory.
Microsoft said it is taking appropriate action to protect its customers, which may include issuing a security patch, either through its monthly security update release process or as a one-off update.
However, people still using Windows XP will not benefit from a security patch, as Microsoft stopped supporting the 13-year-old operating system earlier this month.
Cyber security firm Symantec said it had carried out tests that confirmed the vulnerability crashes Internet Explorer on Windows XP. “This will be the first zero day vulnerability that will not be patched for Windows XP users,” it said.
Recent research from software company AppSense suggests that as much as 77 per cent of British businesses are running Windows XP in some capacity beyond the end of support deadline – including around half of the UK’s councils and large swathes of the NHS.
“Such organisations could be impacted by further exploits to this vulnerability as malware creators take further advantage of this security hole which will remain open,” said Simon Townsend, chief technologist of Europe at AppSense.
“By using an unsupported platform, organisations are taking a very real risk in terms of data security, as highlighted by this exploit, and need to either move off XP or strictly control user rights and application usage.”
For users of later versions of Microsoft Windows, Symantec encourages users to temporarily switch to a different web browser until a patch is made available.