Microsoft issues fix for IE zero day

[UPDATE] An emergency out-of-band update was released today for the bug in Internet Explorer being exploited in the wild. Windows XP was patched in spite of being past its service life.
Written by Larry Seltzer, Contributor

UPDATE: On Thursday, Microsoft released an update to address the zero day vulnerability recently disclosed in all versions of Internet Explorer. Windows XP is listed as among the affected platforms, in spite of its support period ending weeks ago.

Adrienne Hall, General Manager, Microsoft Trustworthy Computing stated "[T]he security of our products is something we take incredibly seriously. When we saw the first reports about this vulnerability we decided to fix it, fix it fast, and fix it for all our customers."

Users with Automatic Updates enabled do not have to do anything, although running Windows Update will apply the fix immediately.

In a blog entry, Hall explains Microsoft's approach, which mostly is to urge users to move on from Windows XP. The company decided to move quickly when they were made aware of this vulnerability and to patch Windows XP because of the proximity to its end of support period.

Further information on the update may be found at KB2964358. Among the advice there, IE will crash if you install the update on a Windows 7 system whch does not have KB2929437 installed. If you use Windows Update these determinations and appropriate installations will be made automatically. Otherwise, follow the instructions in KB2964358

[As the screen shot below demonstrates, the Windows XP update was deployed by Microsoft. We successfully installed it on a test system.]



Editorial standards