Earlier this week PCMag reported on a zero-day bug in Internet Explorer that would allow cybercrooks to run arbitrary code on users' PCs. Just visiting a malicious website would suffice to allow the attack, and the bug affected all versions of IE from 6 to 11. Worse, given that XP has reached its end of support, those holdouts still using XP would be permanently vulnerable. Good news! Not only has Microsoft released a patch for all versions of IE, they're even patching XP's Internet Explorer 8.
According to a Microsoft post, the patch started rolling out around 10am (Pacific time) today. If you have automatic updates enabled, you don't need to do a thing. If you've chosen to have Windows Update await your confirmation before installing updates, be sure to give it that confirmation as soon as you see the notification. Of course, if you've turned off automatic updates altogether, you'll have to perform a manual installation.
In the post, Microsoft's Dustin Childs said, "Windows XP is no longer supported by Microsoft, and we continue to encourage customers to migrate to a modern operating system." He also noted that "customers are encouraged to upgrade to the latest version of Internet Explorer, IE 11." XP users, sorry, he didn't mean you. Windows XP systems can't run any version later than IE 8. I powered up a Windows XP virtual machine, dismissed the popup warning about XP's end of support, and logged in to check for updates. Sure enough, the fix showed up.
The update does come with a warning for Windows 7 systems that don't have an IE11 update from earlier this month in place. On those systems, installing today's update will crash IE 11. Of course, if you have automatic updates turned on you've got nothing to worry about.
I'm pleased to be wrong about what would have been a permanent vulnerability for those still using XP. Good job, Microsoft!
No comments:
Post a Comment