Microsoft Patches Windows XP With IE Update

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Microsoft opts to rescue Windows XP users with an emergency patch for Internet Explorer

Microsoft has rushed out an emergency fix for its Internet Explorer (IE) web browser, which included a fix for Windows XP users.

This fix for Windows XP users comes despite the fact that Microsoft officially ended support for the venerable operating system on 8 April.

Zero-Day Patch

Microsoft’s decision to provide an IE fix for the hundreds of millions of customers still running Windows XP, comes after it was alerted to a problem by cybersecurity firm FireEye.

Fox - Shutterstock - © Andrew AstburyIt warned Redmond that a sophisticated group of hackers had exploited the IE bug to launch attacks in a campaign dubbed “Operation Clandestine Fox”. All versions of Internet Explorer, from 6 to 11, are affected.

On Wednesday Microsoft said its fix would not be available for Windows XP as it had stopped supporting that operating system. But on Thursday Microsoft had a change of heart, and revealed that the fix for the bug (via its automated Windows Update system) would also included a fix for XP customers.

Adrienne Hall, general manager of trustworthy computing at Microsoft explained on Thursday that the fix was being rolled out to customers via the automatic update service.

“One of the things that drove much of this coverage was that it coincided with the end of support for Windows XP,” explained Hall in a blog posting. “Of course we’re proud that so many people loved Windows XP, but the reality is that the threats we face today from a security standpoint have really outpaced the ability to protect those customers using an operating system that dates back over a decade.”

“Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we’ve decided to provide an update for all versions of Windows XP (including embedded), today,” wrote Hall. “We made this exception based on the proximity to the end of support for Windows XP.”

Despite Microsoft’s reasoning to include a Windows XP fix because the problem came to light so soon after its support cut-off, there is little doubt that Redmond was under pressure to provide a fix because the British, American, and German governments had advised XP users this week to consider using an alternative browser to Internet Explorer until a fix was delivered.

Migrate Now

Microsoft’s Hall however feels that the exploit was over-hyped. “The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown,” she wrote. “Unfortunately this is a sign of the times and this is not to say we don’t take these reports seriously. We absolutely do.”

And Hall warned that Windows XP users should still try and migrate to a newer operating system.

“Just because this update is out now doesn’t mean you should stop thinking about getting off Windows XP and moving to a newer version of Windows and the latest version of Internet Explorer,” wrote Hall.

It was only in February that Microsoft warned of another zero-day vulnerability in Internet Explorer.

Are you a security expert? Try our quiz!