From InfoWorld: Hackers are exploiting an Internet Explorer (IE) vulnerability that was left unpatched in Windows XP on Tuesday, Microsoft and outside security experts said.
The bug, identified as CVE-2014-1815, was one of two Microsoft patched with a critical update issued Tuesday for IE6, IE7, IE8, IE9, IE10 and IE11. In the accompanying security bulletin, Microsoft noted that the vulnerability had been both known to hackers and used by them prior to yesterday's update.
"Microsoft is aware of limited attacks that attempt to exploit this vulnerability in Internet Explorer," the bulletin stated.
But because Windows XP exhausted its support privileges last month, users running the aged operating system did not receive the IE security update, as did owners of Windows Vista, Windows 7 and Windows 8 PCs.
Also on Tuesday, Microsoft reasserted that it has patched its last Windows XP bug. In the strongest signal yet that it will stick with its plan -- and that a May 1 emergency patch for IE on XP had been a one-time deal -- a company spokesman said, "The Windows XP end of support policy still remains in place moving forward."
View: Article @ Source Site