Feeds

Microsoft: You know we said NO MORE XP PATCHES? Well ...

IE vuln forces rethink on mercy bullet for elderly OS support

The Power of One eBook: Top reasons to choose HP BladeSystem

Microsoft has released patches for the latest critical security vulnerability plaguing Internet Explorer, including for Windows XP – despite months of claiming that it would never release another patch for the outdated OS past April 8 of this year.

According to a blog post by Microsoft's general manager of Trustworthy Computing, Adrienne Hall, Redmond only relented on its threat to leave XP users twisting in the wind because vulnerability CVE-2014-1776 was disclosed so soon after the patch cutoff date.

"Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we've decided to provide an update for all versions of Windows XP (including embedded), today," Hall wrote. "We made this exception based on the proximity to the end of support for Windows XP."

Whatever Microsoft's excuse, the decision is still an about-face. Back in September, the software giant was the first to warn that any bug discovered in XP after April 8 would essentially be "a 'zero day' vulnerability forever."

Change of heart ... Adrienne Hall

Now Redmond is going as far as to let us know that the patches went live at 10am PDT (5pm GMT) and that customers who don't have automatic updates enabled should hop on over to Windows Update and click "Check for Updates," like, nowish – despite the fact that Microsoft claims the vulnerability really isn't much of a big deal.

"The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown," Hall wrote.

This, despite warnings from independent security experts – including UK and US government agencies – that Windows users should stay off IE altogether until Microsoft issues a fix.

What's more, Hall added, "Just because this update is out now doesn’t mean you should stop thinking about getting off Windows XP and moving to a newer version of Windows and the latest version of Internet Explorer."

Not that that would have done you much good before today. The bug that Thursday's patch fixes allows remote code execution – meaning it could let an attacker gain control of your system – and it affects all versions of Internet Explorer from 6 through 11, so even those running Microsoft's newest OS and browser should get a-patchin'.

When El Reg asked whether Thursday's patch was an indication that we can, in fact, expect future security updates for Windows XP, a Microsoft spokesperson pointed us to Hall's blog post but otherwise declined to comment. ®

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.