Internet Explorer 11 on Windows 7 is no longer supported

Internet Explorer Memory Corruption Bug

It might be easy to tease anyone who's still using such an old operating system, but if you (or a family member) are still using Windows 7 for day-to-day computing then I'd argue that's actually something to be respected. If your computer runs Windows, for example, find out about updates, new operating systems, and tech support directly from Microsoft.

Microsoft has confirmed that hackers are now using a security flaw that affects Internet Explorer, but that it has no immediate plans to fix it.

Right now, there is no security patch to fix the flaw, but if necessary, Microsoft says a possible workaround is to restrict access to the jscript.dll library (a defunct Jscript version released in 2009). This means that people should update their Microsoft systems immediately to avoid hacking.

"Financial institutions should also take mitigating measures to prevent the vulnerabilities from being exploited", the MAS added in its note.

Neither Qihoo, Microsoft nor Mozilla said how attackers were exploiting the bug, who the attackers were, or who was being targeted. The new Microsoft Edge was built to bring you the best of the web, with more control and more privacy as you browse.

Business users also have the option of opting in to Microsoft's Extended Security Updates for up to three years.

To exploit this zero-day vulnerability, a threat actor could use a maliciously-created website implementing JScript as the scripting engine, that would kick-off an exploit if the visitor was using the Internet Explorer browser to view.

The company has already announced its plans to gradually release the new Microsoft Edge browser via Windows Update. That's right, the now unsupported Windows 7 that some experts have called a "crazy high-security risk". One of the UK's leading enterprise IT websites IT Pro suggested it was nearly double Bott's estimate at 36 per cent.

Microsoft told TechCrunch that it was was "attentive to restricted centered assaults" and was "engaged on a repair", nonetheless that it was no longer more likely to launch a patch till its next round of month-to-month security fixes - scheduled for February 11.

Related:

Comments


Other news