Microsoft releases fix for Internet Explorer security bug… including a patch for Windows XP users

After details about a critical security bug affecting Internet Explorer 6 to 11 on Windows XP through 8.1 hit the web, it was inevitable that Microsoft would fix the issue and release a patch to keep everyone safe(er). And today Microsoft has done exactly that: a patch for the hole in Internet Explorer has been released, and you can get it by running Windows Update. (If you have Windows Update configured to download and install updates automatically, you will get the patch without having to do anything, although I’d recommend manually triggering Windows Update anyway.)

What is surprising, however, is that Microsoft included a patch for Internet Explorer on Windows XP. This is surprising because official support for Windows XP ended in April, meaning Microsoft is no longer responsible for, and will no longer issue, any updates to Windows XP (aside from those for countries or companies that paid Microsoft to extend Windows XP support for a bit longer). Really, no one expected Microsoft to issue the patch for Windows XP, yet they have.

This is what Adrienne Hall, general manager of Microsoft’s Trustworthy Computing group, has to say about XP being included in today’s patch:

Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we’ve decided to provide an update for all versions of Windows XP (including embedded) today. We made this exception based on the proximity to the end of support for Windows XP. The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown. Unfortunately this is a sign of the times and this is not to say we don’t take these reports seriously. We absolutely do.

Personally speaking, while I’m happy that Microsoft decided to not leave Windows XP users on their own for this bug, I must question Microsoft’s wisdom.

In my mind, either you end Windows XP support or you don’t; either you continue to provide patches, or you don’t. Having one foot in both worlds is not helping anyone. Sure, Windows XP users are safer thanks to the patch, but they aren’t safe: there is bound to be another bug that will be discovered sooner rather than later… a bug Microsoft won’t patch because XP support has ended. And Microsoft releasing a patch for Windows XP after official support has ended is counterproductive when, at the same time, Microsoft and IT experts are trying to convince people to move away from XP. Indeed, many XP’ers will take this as a sign that XP support really hasn’t ended and that there is no reason to switch… which is not true, because Microsoft won’t continue to issue patches for XP.

In other words, in trying to be helpful Microsoft has done the opposite.

Nonetheless, it is good that Microsoft has released the patch because in-the-wild attacks using the security hole were already detected. Of course, in-the-wild attacks will continue but at least people will be patched against this particular vulnerability.

[via ArsTechnica]

5 comments

  1. conceptualclarity

    [@ Rev1] “What has been proven to be unsafe are MS’s own patches, leaving users with the blue screen of death or unable to boot their computer.”

    Has anyone ever made a cataloging of Microsoft updates indicating which ones are safe and which ones are unsafe?

  2. Rev1

    It appears XP is no more ‘unsafe’ than any of Microsoft’s other operating systems – they all needed a patch too. It is ridiculous to say XP is unsafe, with all the third-party applications available. What has been proven to be unsafe are MS’s own patches, leaving users with the blue screen of death or unable to boot their computer. By the way, I had my MS Automatic Updates set to NOT download or restart without my knowledge, and this time (for the first time) this didn’t work; it appears Microsoft hacked into my computer, or something!

  3. Mike S.

    LOL: no good deed ever goes undone. I, for one, am appreciative that the Big M included XP in the patch fix, for the reasons noted by Microsoft, and don’t think that in having done so, anyone will be confused about XP’s end-of-lifecycle.