Critical vulnerability in IE, unsupported Windows XP no fix for patches
Microsoft announced the existence of a vulnerability related to all versions of Internet Explorer 6 through 11. The target OS is almost all Windows OS such as Windows 8.1 and Windows Server 2012, of course, on April 9, 2014Supported Windows XPAlthough it is included,Microsoft Security AdvisoryThere is no application.
Microsoft Security Advisory 2963983
New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks | FireEye Blog
Hackers find first post-retirement Windows XP-related vulnerability - Computerworld
The vulnerability announced by Microsoft is that code is executed remotely by accessing deleted memory and objects in memory not allocated properly. An attacker could exploit this vulnerability in IE to allow fake websites to be displayed and to trick the user into clicking the link to execute the code. The target browser is all versions from IE 6 to IE 11, and the target OS is almost all Windows OS such as Windows 8.1 which is the latest OS and Windows Server 2012 which is the server OS.
Security companyFireEyeAccording to this vulnerability is common to all IEs from IE 6 to IE 11, IE 9 attacks IE 11 fromZero Day AttackSince it has been confirmed the presence of these attacks, it is confirmed that these attacks are via Flash,It is effective to invalidate the Flash plug-in of IEIt is clarified that it is.
Although Microsoft plans to provide temporary updates for this vulnerability, patches are not expected to be offered to Windows XP, which is no longer supported. As a result, Windows XP users seem to be able to deal with it by switching to browsers like Google Chrome and Firefox, which will continue to be supported for at least the next 12 months.
Microsoft urgently discloses IE security patches including Windows XP - GIGAZINE