Microsoft has issued a security advisory detailing a new bug that has been discovered in its Internet Explorer Web browser.
The flaw could potentially allow hackers to remotely execute code, which means an intruder could install programs and mess with your data without your knowledge. The attacker could also potentially gain full admin access to a user’s computer, which means he or she would be able to install programs, change settings, etc. without the user knowing.
Since Microsoft ended support for its Windows XP operating system earlier this month, the software will not receive a patch to fix the issue.
The security vulnerability affects Internet Explorer versions 6 through 11, which is the most current version. Microsoft notes that a hacker could trick users into visiting a malicious website, which could put the user at risk as soon as he or she visits the URL. These types of attacks, according to ComputerWorld, are called “drive-bys.”
This is the first known bug to be discovered since Microsoft retired support for Windows XP on April 8. Just after Microsoft released its Security Intelligence report in October, Tim Rains, the company’s director of trustworthy computing communications, warned that Windows XP would be more vulnerable to cyber attacks after April 8.
“Inevitably there is a tipping point where the dated software and hardware can no longer defend against modern day threats and increasingly sophisticated cyber criminals,” Rains said in a blog post from October in reference to Windows XP.
In the Security Intelligence Report, Microsoft notes that the infection rate for Windows XP was higher than that of any other operating system during the first half of 2013.
Those using Windows XP can avoid risk by using a different Internet browser such as Google Chrome or Mozilla Firefox. However, for those who still insist on using Internet Explorer, Microsoft suggests taking a few precautionary measures such as enabling Enhanced Protected Mode and setting your Internet and local intranet security zones to “High.” The company explains how to adjust these settings in its security advisory post.
For those using more recent versions of Windows, Microsoft said it’s working to “take the appropriate action to protect our customers.”