News

Microsoft Warns of IE Bug on Windows XP

Internet Explorer continues to be a target of unpatched exploits as Microsoft released yet another security advisory for IE on Wednesday, mostly applying to Windows XP users.

According to the advisory, the software giant is investigating a new publicly reported bug affecting IE versions 5 to 8 on Windows XP and Windows Server 2003 Service Pack 2. The fix applies to IE browsers that aren't configured by default to run in "protected mode" or that have that function turned off.

Microsoft's advisory also applies to IE 5.01 SP4 on Windows 2000 SP4, as well as to IE 6 SP1 on Windows 2000 SP4.

This vulnerability typically doesn't apply when running IE on Windows Vista or Windows 7 because those operating systems use protected mode by default, according to a Microsoft blog. The blog noted that Microsoft has already issued a "Fix it" automated patch to help individual users enable protected mode on XP systems.

"Windows XP users, or users who have disabled Protected Mode, can help protect themselves by implementing Network Protocol Lockdown," the blog explains. "We have created a Microsoft Fix It to automate this. The Fix It can be run on individual systems or enterprises can deploy it through their automated systems."

The bug in question would still require that users be directed to a malicious Web site in order for the exploit to happen. A hacker could gain the same local user rights as the IE user if an attack is carried out successfully. Limiting user rights on the system thus can be a helpful way to lessen an attack's impact.

Redmond may release a patch for this bug in its monthly security update, coming next Tuesday, or issue an out-of-band patch. Microsoft already issued an out-of-band fix for IE in January to address a remote code execution bug that led to attacks on Google and other companies.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.

Most   Popular