The Hacker News Logo
Subscribe to Newsletter

Microsoft Patches Internet Explorer Zero-Day Vulnerability, Even for Windows XP

Microsoft Patches Internet Explorer Zero-Day Vulnerability, Even for Windows XP
Microsoft had publicized widely its plans to stop supporting oldest and widely used Operating system, Windows XP after 8th April this year, which means Microsoft would no longer issue security patches for XP.

A few days back, we reported about a new critical Zero-day vulnerability in all versions of Microsoft’s browser Internet Explorer, starting with IE version 6 and including IE version 11.

According to the advisory (CVE-2014-1776), All versions of Internet Explorer are vulnerable to Remote Code Execution flaw, which resides 'in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated,’ Microsoft confirmed. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

FIRST PATCH FOR WINDOWS XP, EVEN AFTER EXPIRATION DATE
Internet Explorer vulnerability poses a special concern for people still using Windows XP, but can Microsoft really ignore innocent Windows XP users? No, they Can't.

But today Microsoft announced that they will provide an 'out-of-band security update' for all versions of Internet Explorer that were affected by the zero-day vulnerability, and which will also be available for Windows XP machines through Automatic Updates mechanism.

Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we've decided to provide an update for all versions of Windows XP (including embedded), today. We made this exception based on the proximity to the end of support for Windows XP. The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown. Unfortunately this is a sign of the times and this is not to say we don't take these reports seriously. We absolutely do,” reads the Microsoft’s blog post.

YOU MUST UPGRADE TO LATEST WINDOWS 
So today's patch release shows just how serious the Internet Explorer bug truly was. Microsoft recommends Windows XP users to upgrade to new versions of Windows, i.e. Windows 7 or 8.

just because this update is out now doesn't mean you should stop thinking about getting off Windows XP and moving to a newer version of Windows and the latest version of Internet Explorer.” Microsoft said.

Underscoring the severity of the flaw, the company emphasized those with manual updates to install the patch immediately and also install Enhanced Mitigation Experience Toolkit, a free utility that helps prevent vulnerabilities in software from being successfully exploited.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.