Microsoft fixes IE zero-day flaw
Windows XP users will receive the patch, even though Microsoft ended support for the OS about 3 weeks ago
By Juan Carlos Perez | Published: 18:46, 01 May 2014
Microsoft has issued a patch for an Internet Explorer zero-day flaw being actively exploited by malicious hackers and that was first identified Saturday .
The flaw, which affects IE 6 through IE 11, could allow attackers to execute code remotely on a compromised computer if the user views an infected web page using the browser.
"An attacker who successfully exploited this vulnerability could gain the same user rights as the current user," reads the security bulletin.
Related Articles on Techworld
The flaw is rated Critical, the most severe rating in Microsoft's security categories.
The patch will be automatically downloaded and installed in Windows computers configured to receive software updates from Microsoft. Users who don't get these automatic updates are advised to install this patch manually right away.
Although Windows XP users aren't supposed to get this type of patch delivered to them anymore, since support for the OS ended on April 8, Microsoft is making an exception and pushing out this update to them as well.
"The security of our products is something we take incredibly seriously. When we saw the first reports about this vulnerability we decided to fix it, fix it fast, and fix it for all our customers," Adrienne Hall, general manager, Microsoft Trustworthy Computing, said in a statement.
The most likely scenario for victimizing users with this flaw is the distribution by attackers via email and IM messages of links to malicious websites.
Juan Carlos Perez covers enterprise communication/collaboration suites, operating systems, browsers and general technology breaking news for The IDG News Service. Follow Juan on Twitter at @JuanCPerezIDG.