Microsoft Patches Windows XP With IE Update

Microsoft has rushed out an emergency fix for its Internet Explorer (IE) web browser, which included a fix for Windows XP users.

This fix for Windows XP users comes despite the fact that Microsoft officially ended support for the venerable operating system on 8 April.

Zero-Day Patch

Microsoft’s decision to provide an IE fix for the hundreds of millions of customers still running Windows XP, comes after it was alerted to a problem by cybersecurity firm FireEye.

It warned Redmond that a sophisticated group of hackers had exploited the IE bug to launch attacks in a campaign dubbed “Operation Clandestine Fox”. All versions of Internet Explorer, from 6 to 11, are affected.

On Wednesday Microsoft said its fix would not be available for Windows XP as it had stopped supporting that operating system. But on Thursday Microsoft had a change of heart, and revealed that the fix for the bug (via its automated Windows Update system) would also included a fix for XP customers.

Adrienne Hall, general manager of trustworthy computing at Microsoft explained on Thursday that the fix was being rolled out to customers via the automatic update service.

“One of the things that drove much of this coverage was that it coincided with the end of support for Windows XP,” explained Hall in a blog posting. “Of course we’re proud that so many people loved Windows XP, but the reality is that the threats we face today from a security standpoint have really outpaced the ability to protect those customers using an operating system that dates back over a decade.”

“Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we’ve decided to provide an update for all versions of Windows XP (including embedded), today,” wrote Hall. “We made this exception based on the proximity to the end of support for Windows XP.”

Despite Microsoft’s reasoning to include a Windows XP fix because the problem came to light so soon after its support cut-off, there is little doubt that Redmond was under pressure to provide a fix because the British, American, and German governments had advised XP users this week to consider using an alternative browser to Internet Explorer until a fix was delivered.

Migrate Now

Microsoft’s Hall however feels that the exploit was over-hyped. “The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown,” she wrote. “Unfortunately this is a sign of the times and this is not to say we don’t take these reports seriously. We absolutely do.”

And Hall warned that Windows XP users should still try and migrate to a newer operating system.

“Just because this update is out now doesn’t mean you should stop thinking about getting off Windows XP and moving to a newer version of Windows and the latest version of Internet Explorer,” wrote Hall.

It was only in February that Microsoft warned of another zero-day vulnerability in Internet Explorer.

Are you a security expert? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

View Comments

  • Virus scanning no longer performed by the browser. It is now a task voor the provider and the message switching telecom. IE is now simplified and can stay.
    I will keep XP and the automatic updates. There is nothing wrong and I expect a major upgrade this year.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago