Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Microsoft makes one-time exception, patches IE on Windows XP

Gregg Keizer | May 2, 2014
Microsoft shipped an emergency update for Internet Explorer to close a hole that hackers had already been exploiting, and in an unexpected move, allowed Windows XP machines to receive the update.

Microsoft should not have been surprised that news spread about the IE flaw or that media reports focused on the fact that the bug was the first example of XP's out-in-the-cold situation. Others in the company's Trustworthy Computing group have long predicted that attacks against XP PCs would increase once support for the OS ended, and used the dire forecast to push customers into migrating to something newer.

The update itself, designated MS13-021, was straightforward, or at least compared to the ruckus over XP.

MS13-021 patched a single vulnerability in IE6, IE7, IE8, IE9, IE10 and the newest, IE11, on all supported editions of Windows, as well as XP. The bug was rated "critical" for all client versions of — XP, Vista, Windows 7, Windows 8 and Windows 8.1 — but "moderate," two steps down in its four-step threat scoring system, for all Windows Server editions.

The critical vulnerability was first reported to Microsoft by FireEye last week. On Saturday, Microsoft issued a security advisory that offered several temporary ways to defend PCs from attacks.

Today's patch can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services (WSUS).


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.