First post-XP security attack hits Microsoft

Internet Explorer targeted but users on Windows XP will be left out in the cold without support

Microsoft is working to prevent cybercriminals hijacking users' PCs after Internet Explorer was hit by a huge security glitch, but those running Windows XP will be left to fend for themselves.

Over the weekend, Microsoft issued a security advisory blog in which it claimed attackers could take over users' PCs through the browser.

"The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer," it said. "An attacker who successfully exploited this vulnerability could gain the same user rights as the current user."

Devices running Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 will be less exposed to the glitch, the firm added, claiming the programmes operate in a restricted mode that mitigates the risk.

The software giant is preparing to issue a security update for those who are affected either as part of its standard monthly patch release or possibly sooner, depending on users' needs.

"Microsoft continues to encourage customers to follow the guidance... of enabling a firewall, applying all software updates, and installing anti-malware software," it added.

Earlier this month, the software giant ended support for 13-year-old Windows XP, so users still running the operating system – and who do not have extended support – will be left without any help.

Security vendor Symantec said the vulnerability is already being exploited in "limited target attacks" and confirmed that XP users are at heightened risk.

"Our testing confirmed that the vulnerability crashes Internet Explorer on Windows XP," it said. "This will be the first zero-day vulnerability that is not patched for Windows XP users."