Unpatched bug in IE leaves XP users vulnerable
Microsoft warns that exploited bug in IE has been patched for Windows Vista and later but won't be patched for XP
Hackers are already exploiting a vulnerability in Internet Explorer which has not been patched in Windows XP, Microsoft has reported.
The bug was patched by an update from Microsoft on Tuesday, but only for IE users with later versions of Windows than XP. Because Windows XP is out of support, users of IE6, 7 and 8 who are running XP did not receive any patch, and will be vulnerable to exploits of the bug.
The vulnerability, listed as CVE-2014-1815, has been exploited in the past by hackers, Microsoft warned, in ‘drive by' attacks that trigger when an IE user visits a website that carries exploit code.
"Microsoft is aware of limited attacks that attempt to exploit this vulnerability in Internet Explorer," the bulletin stated.