Microsoft issues warning of attacks on IE, first flaw since XP support ended

Image: windows.microsoft.com
Image: windows.microsoft.com

Microsoft is warning people that use Internet Explorer (IE) about attacks that are exploiting a previously unknown security flaw.

The flaw affects IE6 through IE11, and on all Microsoft operating systems.

The vulnerability allows malicious software to be installed simply by visiting a hacked or malicious website.

Screenshot of microsoftstore.com
Microsoft offering $100 to drop Windows XP

The company said it is aware of “limited, targeted attacks” against the vulnerability (CVE-2014-1776), and credits security firm FireEye with discovering the attack.

Microsoft has not issued a patch for this flaw at the time of this post.

The company is asking IE users to download and install its Enhanced Mitigation Experience Toolkit (EMET), a free tool that can help strengthen security on Windows. EMET must be version 4.1 or higher to prevent an attack using this flaw.

You can also use a third-party browser such as Google’s Chrome or Mozilla’s FireFox.

This is the first major vulnerability since Microsoft stopped support of Windows XP on April 8. This means that the fix may not be made for users still on the unsupported operating system.

 

 

blog comments powered by Disqus