MICROSOFT HAS RELEASED a patch for the recently revealed flaw in Internet Explorer (IE), including Windows XP.
The vulnerability was revealed in late April and saw the firm admit to a problem in all versions of Internet Explorer. So far reaching was the issue that various CERTs felt obliged to advise whole countries to move away from the Microsoft web browser to alternatives.
Microsoft had suggested a workaround, but now it has released an emergency patch in advance of Patch Tuesday.
The update is rated critical across all versions of Windows, including Windows XP. Windows XP has reached end of life, but it is not forgotten, and apparently Microsoft sees continued support as a wise choice, at least in the short term.
“We have made the decision to issue a security update for Windows XP users,” said the firm in a Technet blog post.
“Windows XP is no longer supported by Microsoft, and we continue to encourage customers to migrate to a modern operating system, such as Windows 7 or [Windows] 8.1. Additionally, customers are encouraged to upgrade to the latest version of Internet Explorer, IE 11.”
The UK CERT had assumed that no such solution would be forthcoming and expected Windows XP to be most virulently attacked. As such it recommended a swift move away from the operating system.
“Its significance is likely to be that, even once patched, users of Windows XP will be at risk because on current plans no patch would be issued for that version of the operating system following its end of life. As the first such vulnerability to appear, this one is likely to receive a greater than normal level of interest,” it advised.
Microsoft pitches its fix as critical for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients’, and moderate for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers.
Unpatched systems leave machines and enterprises open to PC takeovers, according to Microsoft, and attacks are already out there.
“The vulnerability could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer,” warned the firm. “An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.” µ