Microsoft Updates Windows XP Users for IE Zero-Day
Microsoft releases an emergency update for the Internet Explorer vulnerability.Microsoft isn't quite yet ready to abandon its Windows XP users to security threats. Today Microsoft is releasing an emergency out-of-band update for a zero-day vulnerability, identified as CVE-2014-1776, that was first publicly disclosed on April 26. The Internet Explorer flaw impacts versions 6, 7, 8, 9, 10 and 11 of the Web browser with a remote code execution vulnerability. CVE-2014-1776 is particularly noteworthy in that it is the first publicly reported flaw that impacts the Windows XP operating system since that operating system officially hit its end of life with Microsoft's April 8 Patch Tuesday update. "The security of our products is something we take incredibly seriously," Adrienne Hall, general manager of Microsoft Trustworthy Computing, said in a statement. "When we saw the first reports about this vulnerability we decided to fix it, fix it fast, and fix it for all our customers." Although Microsoft is providing an update for Window XP users, that doesn't imply that Microsoft is now changing direction and extending support for Windows XP overall.
"We have made the decision to issue a security update for Windows XP users," Dustin Childs, group manager of Microsoft Trustworthy Computing, wrote in a blog post. "Windows XP is no longer supported by Microsoft, and we continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1."