News

Microsoft Warns of IE Bug on Windows XP

Internet Explorer continues to be a target of unpatched exploits as Microsoft released yet another security advisory for IE on Wednesday, mostly applying to Windows XP users.

According to the advisory, the software giant is investigating a new publicly reported bug affecting IE versions 5 to 8 on Windows XP and Windows Server 2003 Service Pack 2. The fix applies to IE browsers that aren't configured by default to run in "protected mode" or that have that function turned off.

Microsoft's advisory also applies to IE 5.01 SP4 on Windows 2000 SP4, as well as to IE 6 SP1 on Windows 2000 SP4.

This vulnerability typically doesn't apply when running IE on Windows Vista or Windows 7 because those operating systems use protected mode by default, according to a Microsoft blog. The blog noted that Microsoft has already issued a "Fix it" automated patch to help individual users enable protected mode on XP systems.

"Windows XP users, or users who have disabled Protected Mode, can help protect themselves by implementing Network Protocol Lockdown," the blog explains. "We have created a Microsoft Fix It to automate this. The Fix It can be run on individual systems or enterprises can deploy it through their automated systems."

The bug in question would still require that users be directed to a malicious Web site in order for the exploit to happen. A hacker could gain the same local user rights as the IE user if an attack is carried out successfully. Limiting user rights on the system thus can be a helpful way to lessen an attack's impact.

Redmond may release a patch for this bug in its monthly security update, coming next Tuesday, or issue an out-of-band patch. Microsoft already issued an out-of-band fix for IE in January to address a remote code execution bug that led to attacks on Google and other companies.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Exchange Server June Cumulative Updates Arrive, but with Red Tape

    Microsoft released its quarterly cumulative updates (CUs) for Exchange Server 2013, 2016 and 2019 products this week, but added an extra step for IT pros to consider before installing them.

  • Moving an Old VM to a New Hyper-V Host

    So you want to know whether a Hyper-V virtual machine built on a legacy host will be supported by a newer server? There's a PowerShell command for that.

  • AI-Driven Solution Tracks Packets Through the Datacenter

    Datacenter solutions vendor Kaloom this week unveiled a new offering the company says will enable the development of "self-driving" datacenter networks.

  • Microsoft Previews Azure Bastion Service for Private VM Access

    Microsoft on Tuesday announced a preview of the Azure Bastion service, which lets a user connect to an Azure virtual machine (VM) using a private Internet connection.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.