News

Microsoft Warns of IE Bug on Windows XP

Internet Explorer continues to be a target of unpatched exploits as Microsoft released yet another security advisory for IE on Wednesday, mostly applying to Windows XP users.

According to the advisory, the software giant is investigating a new publicly reported bug affecting IE versions 5 to 8 on Windows XP and Windows Server 2003 Service Pack 2. The fix applies to IE browsers that aren't configured by default to run in "protected mode" or that have that function turned off.

Microsoft's advisory also applies to IE 5.01 SP4 on Windows 2000 SP4, as well as to IE 6 SP1 on Windows 2000 SP4.

This vulnerability typically doesn't apply when running IE on Windows Vista or Windows 7 because those operating systems use protected mode by default, according to a Microsoft blog. The blog noted that Microsoft has already issued a "Fix it" automated patch to help individual users enable protected mode on XP systems.

"Windows XP users, or users who have disabled Protected Mode, can help protect themselves by implementing Network Protocol Lockdown," the blog explains. "We have created a Microsoft Fix It to automate this. The Fix It can be run on individual systems or enterprises can deploy it through their automated systems."

The bug in question would still require that users be directed to a malicious Web site in order for the exploit to happen. A hacker could gain the same local user rights as the IE user if an attack is carried out successfully. Limiting user rights on the system thus can be a helpful way to lessen an attack's impact.

Redmond may release a patch for this bug in its monthly security update, coming next Tuesday, or issue an out-of-band patch. Microsoft already issued an out-of-band fix for IE in January to address a remote code execution bug that led to attacks on Google and other companies.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Microsoft Starts Countdown to Dynamics GP End-of-Support

    Dynamics GP, Microsoft's venerable enterprise resource planning (ERP) solution for midsized businesses, is set to lose support in four years.

  • Image of a futuristic maze

    The 2024 Microsoft Product Roadmap

    Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.

  • Windows Recall Preview Starts Rolling Out with Windows 11 24H2

    Microsoft on Tuesday began rolling out Windows 11 version 24H2, describing the update as a "full OS swap that contains new foundational elements required to deliver transformational Al experiences and exceptional performance."

  • An image of planes flying around a globe

    2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.