Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Microsoft sticks to vow, leaves XP exposed to ongoing attacks

Gregg Keizer | May 15, 2014
Refuses to patch Internet Explorer bug that hackers are already exploiting.

Together, those three security updates patched four vulnerabilities out of the month's total of 13.

For people who cannot give up IE, Microsoft provided workarounds it said would help ward off attacks, including those aimed at the browser when it's running on Windows XP. However, the workarounds have negative side effects that may make some websites unusable, Microsoft warned. The security bulletin MS14-029 includes those workaround instructions.

Another stop-gap users can deploy is the Enhanced Mitigation Experience Toolkit (EMET), a free anti-exploit utility that works on Windows XP. EMET 4.1 can be downloaded from Microsoft's website.

CVE-2014-1815 was reported to Microsoft by Clement Lecigne, a security engineer who works for Google in its Swiss office.

Lecigne made news three months ago when he was awarded $10,000 by the Internet Bug Bounty (IBB), a new program funded by Facebook and Microsoft. IBB cut Lecigne the check for finding a critical vulnerability in Adobe's Flash Player. Lecigne donated the $10,000 to the Hackers for Charity non-profit.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.