Microsoft announced on April 27, 2014 a vulnerability has been discovered for all versions of Internet Explorer version 6 through version 11. As of this afternoon on April 28, 2014 there is still no patch available to remediate the vulnerability. To compound the vulnerability, Microsoft will not be issuing a patch for Windows XP machines running Internet Explorer. With the dropping of support for XP, I believe this is the first of many attacks that will be targeting the Windows XP Operating System.
The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.
What should you do?
- Do not use Microsoft's IE on any machine you may currently have.
- Use an alternative browser such as Firefox (See the link below).
- If you are an XP user, use an alternative browser - forever.
- Think seriously about upgrading your XP machines.
Here is the Microsoft Security Advisory link for your information: https://technet.microsoft.com/library/security/2963983
Here is a link to download Firefox: http://www.mozilla.org/en-US/firefox/new/