Microsoft has today issued an emergency patch for users of Internet Explorer, following the recent discovery of a zero-day vulnerability that was being actively exploited by hackers.
The flaw was pretty unpleasant - allowing attackers to silently install malware onto computers just by the user visiting, say, a poisoned webpage.
A patch is great news, of course, for those Windows computer users with vulnerable installations of Internet Explorer, but not entirely unexpected considering its serious nature.
Late last week, when news spread of the CVE-2014-1776 security hole, FireEye warned that the flaw was being exploited in a wave of targeted attacks they dubbed “Clandestine Fox”.
At the time I commented:
Hopefully Microsoft will release a proper fix sooner rather than later. In fact, I wouldn’t be surprised if they pull out all the stops and attempt to issue an out-of-band patch before too much harm is done.
Well, it seems to me that Microsoft has turned around this fix pretty quickly and, what is more, they are also releasing the patch for… drum roll… Windows XP too!
That’s something of a turnaround by Microsoft as Windows XP’s last official security update was supposed to be on the Patch Tuesday bundled issued on April 8th. So, consider this a lifeline…
Dustin Cook of Microsoft’s Trustworthy Computing group has posted that although they are going to issue a fix for Windows XP, they still strongly recommend you update your operating system to a version which is properly supported:
We have made the decision to issue a security update for Windows XP users. Windows XP is no longer supported by Microsoft, and we continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1. Additionally, customers are encouraged to upgrade to the latest version of Internet Explorer, IE 11.
If I were you, I wouldn’t bank on Microsoft keep coming back to Windows XP. They’re only doing this out of the goodness of their hearts.
If you have automatic updates enabled on your computer, then you should receive this critical security update automatically. If you can’t wait, you can grab it by manually visiting Windows Update.