Reference (Copied):
http://www.latesthackingnews.com/2014/05/29/windows-xp-vulnerable-forever-due-to-zero-day-flaw/Microsoft most likely developed a patch for the zero-day flaw since October 2013, when it was first made aware of the vulnerability in Internet Explorer 8, but the company had to delay its release due to some other publicly disclosed security flaws that affected a wider array of users.
The problem in this case is why Microsoft needs so much time to address this new zero-day and why the company delays the release if the patch is already available.
Basically, if your existing Windows installation can run a newer version of Internet Explorer than 8.0, it would be quite a good idea to update and thus avoid getting your computer hijacked if an exploit is being developed.
At the same time, virtually everyone can replace Internet Explorer with a different third-party browser that’s obviously not affected by the flaw and keeps you on the safe side.
Microsoft has confirmed the existence of the issue but hasn’t said anything about the release date of a patch. While the company might opt for an out-of-band patch, it could also very well wait until the next Patch Tuesday on June 10, when some other updates are also planned.
