{"id":14951,"date":"2014-05-05T17:10:54","date_gmt":"2014-05-05T17:10:54","guid":{"rendered":"http:\/\/kasperskydaily.com\/b2b\/?p=1760"},"modified":"2019-11-15T07:19:43","modified_gmt":"2019-11-15T12:19:43","slug":"ie-0day-and-windows-xp-microsofts-tough-decision","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/ie-0day-and-windows-xp-microsofts-tough-decision\/14951\/","title":{"rendered":"IE 0day and Windows XP: Microsoft&#8217;s tough decision"},"content":{"rendered":"<p>Microsoft had to deal with a new, less-than-pleasant vulnerability in the Internet Explorer browser, which affected all of its versions starting with IE6 on all of its operating systems, including the recently \u2018discarded\u2019 Windows XP. Microsoft had to make a tough choice. And it did.<\/p>\n<p>As we all know, as of April 8th, 2014 Windows XP has \u2018officially\u2019 gone off into the sunset: it\u2019s no longer supported by Microsoft. Just before this happened, many voices were predicting doom, and, frankly, there was at least some merit in their arguments. Windows XP may have been discarded by Microsoft, but there are still millions of people using it, which means that malware writers and hackers are going to look hard for new bugs and vulnerabilities to exploit. Without technical support from Microsoft, there will be no new patches for these bugs, so they can be exploited indefinitely, and this is actually a threat to everyone, not just Windows XP aficionados.<\/p>\n<p>Now it looks like those doomsayers were right: it didn\u2019t take long before a new bug affecting Windows XP was discovered: a vulnerability present in more or less all current versions of Internet Explorer.<\/p>\n<p>On April 26, 2014, Microsoft notified its customers of a vulnerability in Internet Explorer along with a zero-day exploit that has already been used in the wild \u2013 in \u201climited, targeted attacks\u201d. 
Apparently, it was FireEye that discovered those attacks in the first place.<\/p>\n<p>According to FireEye\u2019s <a href=\"http:\/\/www.fireeye.com\/blog\/uncategorized\/2014\/04\/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html\" target=\"_blank\" rel=\"noopener nofollow\">data<\/a>, the initial attack targeted users of IE versions 9, 10, and 11 on Windows 7 and 8, although the vulnerability actually affected all versions of IE from 6 to 11. It really didn\u2019t take long before a new version of the exploit was discovered, this time targeting Windows XP machines running Internet Explorer 8.<\/p>\n<p>There is a large amount of <a href=\"https:\/\/technet.microsoft.com\/library\/security\/ms14-021\" target=\"_blank\" rel=\"noopener nofollow\">technical data<\/a> on the vulnerability itself. In short, by convincing a user to view a specially crafted HTML document, attackers can execute arbitrary code on the system. <a href=\"http:\/\/www.kb.cert.org\/vuls\/id\/222929\" target=\"_blank\" rel=\"noopener nofollow\">According to CERT\u2019s description<\/a>, \u201cthe Internet Explorer vulnerability is used to corrupt Flash content in a way that allows ASLR to be bypassed via a memory address leak. This is made possible with Internet Explorer because Flash runs within the same process space as the browser.\u201d CERT also acknowledges that exploitation without the use of Flash may be possible, even though disabling the Flash plugin in IE is one of the workarounds for the problem.<\/p>\n<p>In other words, it isn\u2019t a pleasant situation: the U.S. Department of Homeland Security even <a href=\"https:\/\/www.yahoo.com\/tech\/new-security-flaw-affects-all-versions-of-internet-84085229159.html\" target=\"_blank\" rel=\"noopener nofollow\">advised<\/a> against using Internet Explorer until the patch is in place.<\/p>\n<p>Microsoft found itself in hot water with this. 
The company had a tough choice: to stick to its earlier decision to cease Windows XP support and tell its (millions of) remaining users to help themselves and to upgrade at last, or give them a hand \u2013 as a contingency measure.<\/p>\n<p>In any case, it was going to get slammed for either leaving millions of users in the cold or for indulging people who do nothing to protect themselves.<\/p>\n<p>Microsoft chose the latter: \u201cas an exception\u201d it patched the vulnerability in all affected versions of Internet Explorer, providing an update for all versions of Windows XP too.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2017\/05\/06020243\/640.jpg\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-1761\" alt=\"640\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2017\/05\/06020243\/640.jpg\" width=\"640\" height=\"320\"><\/a><\/p>\n<p><a href=\"http:\/\/arstechnica.com\/security\/2014\/05\/microsofts-decision-to-patch-windows-xp-is-a-mistake\/\" target=\"_blank\" rel=\"noopener nofollow\">And it got slammed for that, just as expected<\/a>: \u201cThe decision to release this patch is a mistake,\u201d said Ars Technica, arguing that such one-off \u201cexceptions\u201d do not make Internet Explorer on Windows XP any safer. Instead, it creates a false impression that it\u2019s okay to keep going with Windows XP. 
IT people who knew they needed to migrate (and needed a budget for this) kept telling their superiors that Microsoft wasn\u2019t going to provide any patches beyond April 8th. Now they are in hot water too, because, from a business owner\u2019s point of view, if there was one \u201cexception\u201d why shouldn\u2019t there be another? And another? Why, again, can\u2019t Microsoft just extend Windows XP support indefinitely?<\/p>\n<div class=\"pullquote\">Microsoft chose to help out Windows XP users too, and got slammed for this.<\/div>\n<p>\u201cThe job of migrating away from Windows XP just got a whole lot harder,\u201d Ars Technica said. And for good reason.<\/p>\n<p>This situation is indeed a thought-provoking one. Windows XP has been around for too long, and because of this, has had too many things go wrong. Microsoft, after years of preparations, warnings and admonitions, finally axed Windows XP support\u2026 and almost immediately released a new patch \u2013 along with explanations:<\/p>\n<p>\u201cEven though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we\u2019ve decided to provide an update for all versions of Windows XP (including embedded), today. We made this exception based on the proximity to the end of support for Windows XP. 
The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown.\u00a0 Unfortunately this is a sign of the times and this is not to say we don\u2019t take these reports seriously.\u00a0 We absolutely do,\u201d <a href=\"http:\/\/blogs.technet.com\/b\/microsoft_blog\/archive\/2014\/05\/01\/updating-internet-explorer-and-driving-security.aspx\" target=\"_blank\" rel=\"noopener nofollow\">said<\/a> Adrienne Hall, General Manager for the Trustworthy Computing department at Microsoft.<\/p>\n<p>Maybe we should thank Microsoft for their concern, but then again, maybe not.<\/p>\n<p>Microsoft keeps trumpeting the fact that people need to move away from Windows XP for security reasons, but acts as if there\u2019s no hurry at all.<\/p>\n<p>As for this IE vulnerability and its 0day exploits, there are multiple sophisticated protection technologies in Kaspersky Lab products that are designed specifically to block even unknown threats such as zero-day exploits. Automatic Exploit Prevention is one of these technologies. And now we can confirm that newly discovered exploits for this IE vulnerability are successfully detected and blocked by our solutions, so our customers are safe.<\/p>\n<p>We fully understand that it will take time for Windows XP to go away completely. The sooner it happens, the better: migration from Windows XP is a necessary <i>security measure<\/i>. 
Still, we will continue to support Windows XP in our products until 2016.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft had to deal with a new, less-than-pleasant vulnerability in the Internet Explorer browser, which affected all of its versions starting with IE6 on all of its operating systems, including the<\/p>\n","protected":false},"author":209,"featured_media":16078,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[121,600],"class_list":{"0":"post-14951","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-updates","10":"tag-windows-xp"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/ie-0day-and-windows-xp-microsofts-tough-decision\/14951\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/ie-0day-and-windows-xp-microsofts-tough-decision\/14951\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/ie-0day-and-windows-xp-microsofts-tough-decision\/14951\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/updates\/","name":"updates"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/14951","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=14951"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/14951\/revisions"}],"predecessor-version":[{"id":30943,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v
2\/posts\/14951\/revisions\/30943"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/16078"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=14951"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=14951"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=14951"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}