Microsoft issues emergency security patch for Internet Explorer – even for Windows XP users!

LifelineMicrosoft has today issued an emergency patch for users of Internet Explorer, following the recent discovery of a zero-day vulnerability that was being actively exploited by hackers.

The flaw was pretty unpleasant – allowing attackers to silently install malware onto computers just by the user visiting, say, a poisoned webpage.

A patch is great news, of course, for those Windows computer users with vulnerable installations of Internet Explorer, but not entirely unexpected considering its serious nature.

Late last week, when news spread of the CVE-2014-1776 security hole, FireEye warned that the flaw was being exploited in a wave of targeted attacks they dubbed “Clandestine Fox”.

Sign up to our free newsletter.
Security news, advice, and tips.

At the time I commented:

Hopefully Microsoft will release a proper fix sooner rather than later. In fact, I wouldn’t be surprised if they pull out all the stops and attempt to issue an out-of-band patch before too much harm is done.

Well, it seems to me that Microsoft has turned around this fix pretty quickly and, what is more, they are also releasing the patch for… drum roll… Windows XP too!

That’s something of a turnaround by Microsoft as Windows XP’s last official security update was supposed to be on the Patch Tuesday bundled issued on April 8th. So, consider this a lifeline…

Dustin Cook of Microsoft’s Trustworthy Computing group has posted that although they are going to issue a fix for Windows XP, they still strongly recommend you update your operating system to a version which is properly supported:

We have made the decision to issue a security update for Windows XP users. Windows XP is no longer supported by Microsoft, and we continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1. Additionally, customers are encouraged to upgrade to the latest version of Internet Explorer, IE 11.

If I were you, I wouldn’t bank on Microsoft keep coming back to Windows XP. They’re only doing this out of the goodness of their hearts.

If you have automatic updates enabled on your computer, then you should receive this critical security update automatically. If you can’t wait, you can grab it by manually visiting Windows Update.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

2 comments on “Microsoft issues emergency security patch for Internet Explorer – even for Windows XP users!”

  1. DoktorThomas2™

    One major security flaw in all winOS's to date is IE (information exporter). From the beginning it as been a coding/security disaster. I haven't used IE since win98. Won't in the future. As just deserts, I don't buy anything MSFT. My next new computer will be of the fructose persuasion. Vista and win(H)8 are the best ad campaigns for Apple ever devised. MSFT is good something….

    I'd be remiss if I didn't remind everyone of that infamous OS, winME (millions of errors); some things don't get better with time. :-) © 2014

  2. peter

    I can't get my windows updates every time I try to fix the problem or go on line for help there's some company trying to sell me the fix Microsoft is nothing but a den of vipers

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.