Thursday, May 1, 2014

One for the road: Microsoft patches Windows XP for SA 2963983

Microsoft has a patch for this week's pesky Internet Explorer security hole, and in a surprising development, it will be available to Windows XP customers

Follow @woodyleonhard

One for the road: Microsoft patches Windows XP for SA 2963983
According to a post by Dustin Childs on Microsoft's Security Response Center blog, Microsoft is about to release a fix for the Internet Explorer drive-by bug that I discussed earlier this week.

The security hole appears in every modern version of IE, from IE 6 to IE 11, and it affects every modern version of Windows, from XP to Windows 8.1 Update. You can be infected just by using IE to look at a compromised website; no interaction required. The Department of Homeland Security/CERT weighed in on the bug, advising folks to prop up IE or switch to a different browser.

FireEye caught the security hole last week and published a detailed analysis on Saturday. Microsoft issued Security Advisory 2963983 on Saturday, updating it on Tuesday, listing a few workarounds that foiled the exploit discovered by FireEye, but leaving open the question of whether that same security hole could be leveraged in different ways.

When the flaw came to light, the world's eyes (or at least the XP world's eyes) turned on Microsoft, to see if it would go ahead and patch the faulty browsers -- Internet Explorer 6, 7, and 8 -- on Windows XP. That OS, you certainly recall, was relegated to the big bit bucket in the sky less than a month ago. Now, it seems, we have an answer to the question posed last month in the Tech Watch post Windows XP countdown: Will Microsoft blink? As the crowd goes wild, the answer is yes, Microsoft will patch IE on Windows XP.

To quote Childs:
We have made the decision to issue a security update for Windows XP users. Windows XP is no longer supported by Microsoft, and we continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1. Additionally, customers are encouraged to upgrade to the latest version of Internet Explorer, IE 11.
Sanity prevails. Kudos to the folks who got the patch out so fast -- and to the folks behind them who approved the XP decision.

This story, "One for the road: Microsoft patches Windows XP for SA 2963983," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow on Twitter.

No comments:

Post a Comment