Security firms warn that the massive security flaw affecting Internet Explorer will hit Windows XP users the hardest. Reuters

A newly revealed zero-day vulnerability in Internet Explorer will be the first major security flaw Microsoft won't fix for Windows XP users.

Microsoft ended security support for Windows XP just three weeks ago, and the vulnerability in the company's browser will be the first that won't be patched on the decade-old operating system, leaving more than a quarter of all computers in use around the world at risk.

Microsoft's security advisory warns that a vulnerability in its Internet Explorer web browser could allow hackers to gain access to users' computers and initiate "remote code execution".

The flaw affects all versions of the browser from Internet Explorer 6 onwards and is a zero-day vulnerability, meaning Microsoft only became aware of it after attacks were reported.

"Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer," Microsoft wrote in the security advisory. "The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer."

Microsoft has said that it is investigating the vulnerability and will take "appropriate action" to protect customers once the investigation is complete.

Such action will either involve a security update through its scheduled monthly updates or an out-of-cycle security update, "depending on customer needs".

XP most at risk

Internet Explorer comes pre-installed on all Windows operating systems and it is estimated that just over 53% of Internet users choose Internet Explorer as their desktop browser, with almost a quarter of Internet users running Internet Explorer 8.


The vulnerability, which was first reported to Microsoft by security firm FireEye, comes three weeks after support for Windows XP ended, and those still using the operating system will be most at risk.

Security firm Symantec has issued its own warning, stating: "Our testing confirmed that the vulnerability crashes Internet Explorer on Windows XP. This will be the first zero-day vulnerability that is not to be patched for Windows XP users."

According to Net Market Share, 27% of computers worldwide still run Windows XP.

Those still using the old operating system have been advised to use an alternative web browser, like Firefox or Chrome, or to upgrade to a newer operating system.