Microsoft revealed that attackers are exploiting a previously unknown vulnerability in Internet Explorer (IE) 6, 7, and 8. The flaw is not present in the newer versions, IE 9 and IE 10, and Microsoft advises customers to upgrade to these versions when possible.
There’s just one problem, of course: IE 8 is the newest version that Windows XP customers can use.
“Microsoft is investigating public reports of a vulnerability in Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8,” a security advisory reads. “Microsoft is aware of targeted attacks that attempt to exploit this … remote code execution vulnerability.”
Microsoft currently offers a workaround, a Fix it solution called MSHTML Shim Workaround, that prevents exploitation of the vulnerability. (The Fix it does not require a reboot, Microsoft says.) The firm says that it will provide a formal fix via its monthly security update release process, or with an out-of-cycle security update if needed.
According to security researchers at FireEye, the exploit uses a “heap spray attack” against IE using Adobe Flash. FireEye is withholding technical details about the attack while Microsoft continues its investigation.