Microsoft patches major Internet Explorer security flaw, even for Windows XP

Microsoft (MSFT) has patched a major Internet Explorer browser security flaw, the company announced in a blog post Thursday. Notably, the patch will be pushed out to Windows XP machines, which Microsoft had said it would stop supporting on April 8.

According to the blog post, while the bug sounded bad, it wasn’t really (emphasis added):

“Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we’ve decided to provide an update for all versions of Windows XP (including embedded), today. We made this exception based on the proximity to the end of support for Windows XP. The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown. Unfortunately this is a sign of the times and this is not to say we don’t take these reports seriously. We absolutely do.”

The browser security flaw was first discovered by FireEye, a cybersecurity company, on April 26. The vulnerability allowed remote attackers to gain extensive user rights by luring users to specially designed webpages carrying a payload of malicious code.

The patch is rolling out through Microsoft’s automatic updates program at the moment and can be applied to versions of Internet Explorer from IE 6 to IE 11. The decision to issue a security update for Windows XP may have been related to the fact that Windows XP still retains 26 percent of the global PC market, according to Net Market Share, a research firm.