The company warned users of the coding flaw that essentially rolls out the welcome mat to a hacker on a network computer, the same way as if they were an official user, reports the Wall Street Journal.
Thus far Microsoft says it knows of “limited, targeted attacks” trying to exploit the flaw, but hasn’t said much else.
“On completion of this investigation, Microsoft will take the appropriate action to protect our customers,” Microsoft said in a security bulletin. The company that claims to have found the hole, FireEye, says it’s part of a bigger effort to hack into U.S. financial and defense companies.
Microsoft didn’t say, however, what help, if any, will be available for Windows XP users. The company stopped supporting the 13-year-old operating systems as of April 8, which means anyone running it will likely not receive a patch from Microsoft to fix the vulnerability.
“XP users are not safe anymore and this is the first vulnerability that will be not patched for their system,” a Symantec Corp. researcher wrote about the flaw.
The best case scenario? Microsoft decides to take pity on Windows XP users and issue a patch to fix the security issue. But don’t hold your breath — it’s probably best to update and finally stop using XP, as this will likely only be the first of many times it could put your computer’s security at risk.
Microsoft Web Browser Has Security Flaw [Wall Street Journal]