[tahanteada]

Computerworld pajatab:
Hackers find first post-retirement Windows XP-related vulnerability
Internet Explorer 6, 7 and 8 arent being exploited yet, but harbor a critical flaw

Computerworld - Microsoft on Saturday told customers that cyber-criminals are exploiting an unpatched and critical vulnerability in Internet Explorer (IE) using "drive-by" attacks.

"Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11," the company said in a security advisory.

According to Microsoft, the attacks have been launched against IE users tricked into visiting malicious websites. Such attacks, dubbed "drive-bys," are among the most dangerous because a vulnerable browser can be hacked as soon as its user surfs to the URL.

All currently-supported versions of IE are at risk, Microsoft said, including 2001's IE6, which still receives patches on Windows Server 2003. The same browser will not be repaired on Windows XP, as the operating system was retired from patch support on April 8.

The IE flaw was the first post-retirement bug affecting XP.

And that's important.

Because Microsoft will eventually patch the drive-by bug in IE6, IE7 and IE8, then deliver those patches to PCs running Windows Vista and Windows 7, it's likely that hackers will be able to uncover the flaw in the browsers' code, then exploit it on the same browsers running on Windows XP.

Microsoft said that was the biggest risk of running XP -- and IE on it -- after the operating system was retired, claiming last year that XP was 66% more likely to be infected with malware once patching stopped.

Edasi lingil:
http://www.computerworld.com/s/article/9247940/Hackers_find_first_post_retirement_Windows_XP_related_vulnerability

[Tanel]

Microsoft fixes Windows XP browser security flaw despite end of support http://www.theverge.com/2014/5/1/5671878/microsoft-internet-explorer-windows-xp-update