Blog Post

Microsoft patches major Internet Explorer security flaw, even for Windows XP

Microsoft(s MSFT) has patched a major Internet Explorer browser security flaw, the company announced in a blog post Thursday. Notably, the patch will be pushed out to Windows XP machines, which Microsoft had said it would stop supporting on April 8.

According to the blog post, while the bug sounded bad, it wasn’t really (emphasis added):

“Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we’ve decided to provide an update for all versions of Windows XP (including embedded), today. We made this exception based on the proximity to the end of support for Windows XP. The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown. Unfortunately this is a sign of the times and this is not to say we don’t take these reports seriously. We absolutely do.”

The browser security flaw was first discovered by FireEye, a cybersecurity company, on April 26. The vulnerability allowed remote attackers to gain extensive user rights by luring users to specially designed webpages carrying a payload of malicious code.

The patch is rolling out through Microsoft’s automatic updates program at the moment and can be applied to versions of Internet Explorer from IE 6 to IE 11. The decision to issue a security update for Windows XP may have been related to the fact that Windows XP  still retains 26 percent of the global PC market, according to Net Market Share, a research firm.

19 Responses to “Microsoft patches major Internet Explorer security flaw, even for Windows XP”

  1. Bravo Microsoft!!!! Not the almighty buck is important. Not every individual or corporation in the world can shell out for the latest and greatest of everything. Many businesses and many individuals work with all that they can afford.

  2. When will we receive this Internet Explorer security patch? I am running Windows XP and have automatic updates on, but I have received nothing since this patch was supposed to be available on May 1st. I tried chatting with Microsoft techs, but one told me that there would be no support or patch for XP and the other tech told me to just wait. Is there no manual download for this patch?

  3. jon vonn

    The main reason to include XP is that it was not XP but the browser IE that had the problem. In the browser wars IE is a standalone. While it comes with Microsoft operating systems other OS’s use it too.

  4. Randy

    Probably the safest thing to do is not use IE but use Firefox or Chrome. Then you don’t have to worry about all the IE updates. I moved to Firefox years ago and never looked back.

  5. Just turn on your Automatic Updates in control panel. Then Click Start go up to Windows Update and click it. My Second Drive is XP Pro SP3. I got 163 updates. However when I opened Internet Explorer and it did some creepy thinks. I clicked on Firefox and everything was cool.

  6. Ron Hansen

    After I downloaded the update for MS Explorer, I couldn’t access some of my programs, except as Administrator. When I removed it, my computer worked fine. I bet that is because some of my programs are 32 bit.

    • rannxerox

      Are you running the x64 IE browser? Other than that, should not affect them unless the web apps are using an unofficial “hack” to do whatever it is they do.

      • Ron Hansen

        I have 11.0.7 IE browser KB2929437. I could not start programs such as Google Chrome, Pandora and HP Support Assistance after I downloaded Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB2964358)

        My Windows 7 Premium uses both 64 and 32 bit programs. It is primarily a 64 bit program.

      • Ron Hansen

        I just tried re-installing it. This time it I can access Google Chrome and Pandora without having to access as Administrator. Things look OK :)

  7. This doesn’t seem to address the Internet Explorer / Adobe Flash issue you have in Internet Explorer where Homeland Security send out an advisory to stop using Internet Explorer just a few days ago.