Member log in

Microsoft makes one-time exception, patches IE on Windows XP

UPDATE / May 2: After several stays of execution, Microsoft finally — for real this time — pulled the plug on Windows XP support.

Until today.

After a wave of publicity Microsoft about a "xero day" bug, the company today shipped an emergency update for Internet Explorer to close a hole that hackers had already been exploiting to steal data from people using all version of Windows, Computerworld reports.

But in an unexpected move, Microsoft also allowed Windows XP machines to receive the update.


GLOBAL TECH WRAP: Critical browser bug endangers all versions of Internet Explorer — and XP isn't getting a fix

April 29: Hackers have uncovered the first bug that could put Windows XP users at serious risk, after Microsoft ceased support for the aging operating system less than three weeks ago, PC World reports.

On Sunday NZ time, Microsoft announced that Internet Explorer (IE) versions 6 through 11 were at risk for so-called drive-by attacks from malicious websites. Windows XP is capable of running Internet Explorer 6, 7, and 8.

This new remote code execution vulnerability, dubbed CVE-2014-1776, has the potential to give hackers the same user rights as the current user. That means a successful attacker who infects a PC running as administrator would have a wide variety of attack open to them such as installing more malware on the system, creating new user accounts, and changing or deleting data stored on the target PC.

Microsoft has yet to release a fix — and of course for those using IE with Windows XP, none is on the way. Security company Symantec has recommended all IE users "immediately consider installing an alternative web browser." Alternatives include Apple's Safari, Google's Chrome and Mozilla Firefox.