Microsoft issues emergency security patch for Internet Explorer – even for Windows XP users!

Lifeline Microsoft has today issued an emergency patch for users of Internet Explorer, following the recent discovery of a zero-day vulnerability that was being actively exploited by hackers.

The flaw was pretty unpleasant – allowing attackers to silently install malware onto computers just by the user visiting, say, a poisoned webpage.

A patch is great news, of course, for those Windows computer users with vulnerable installations of Internet Explorer, but not entirely unexpected considering its serious nature.

Late last week, when news spread of the CVE-2014-1776 security hole, FireEye warned that the flaw was being exploited in a wave of targeted attacks they dubbed “Clandestine Fox”.

Sign up to our free newsletter.
Security news, advice, and tips.

At the time I commented:

Hopefully Microsoft will release a proper fix sooner rather than later. In fact, I wouldn’t be surprised if they pull out all the stops and attempt to issue an out-of-band patch before too much harm is done.

Well, it seems to me that Microsoft has turned around this fix pretty quickly and, what is more, they are also releasing the patch for… drum roll… Windows XP too!

That’s something of a turnaround by Microsoft as Windows XP’s last official security update was supposed to be on the Patch Tuesday bundled issued on April 8th. So, consider this a lifeline…

Dustin Cook of Microsoft’s Trustworthy Computing group has posted that although they are going to issue a fix for Windows XP, they still strongly recommend you update your operating system to a version which is properly supported:

We have made the decision to issue a security update for Windows XP users. Windows XP is no longer supported by Microsoft, and we continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1. Additionally, customers are encouraged to upgrade to the latest version of Internet Explorer, IE 11.

If I were you, I wouldn’t bank on Microsoft keep coming back to Windows XP. They’re only doing this out of the goodness of their hearts.

If you have automatic updates enabled on your computer, then you should receive this critical security update automatically. If you can’t wait, you can grab it by manually visiting Windows Update.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.

2 comments on “Microsoft issues emergency security patch for Internet Explorer – even for Windows XP users!”

  1. DoktorThomas2™

    One major security flaw in all winOS's to date is IE (information exporter). From the beginning it as been a coding/security disaster. I haven't used IE since win98. Won't in the future. As just deserts, I don't buy anything MSFT. My next new computer will be of the fructose persuasion. Vista and win(H)8 are the best ad campaigns for Apple ever devised. MSFT is good something….

    I'd be remiss if I didn't remind everyone of that infamous OS, winME (millions of errors); some things don't get better with time. :-) © 2014

  2. peter

    I can't get my windows updates every time I try to fix the problem or go on line for help there's some company trying to sell me the fix Microsoft is nothing but a den of vipers

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.