Microsoft fixes Windows XP browser security flaw

Microsoft is releasing a set of patches for all of its currently supported versions of Internet Explorer. The security updates follow the discovery of a vulnerability that could allow hackers to gain full user permissions over a PC, allowing them to install programs, view and delete data, and much more simply by visiting a malicious website. The major flaw was discovered last weekend, so Microsoft has moved quickly to react to this particular vulnerability outside of its normal Patch Tuesday. The security updates will be available on Windows Update at 1PM ET today.

While Microsoft may have killed off support for Windows XP last month, the company is taking the highly unusual approach of releasing a security update for its nearly 13-year-old operating system today. “We’ve decided to provide an update for all versions of Windows XP (including embedded), today,” explains Microsoft’s Adrienne Hall. “We made this exception based on the proximity to the end of support for Windows XP.” Microsoft still creates security patches for Windows XP designed for businesses who pay a large sum for extended support contracts, but those specific patches are generally not released to the public.

Microsoft says security concerns were overblown

Both the US and UK governments advised web users to use alternative browsers this week due to the flaw, but Microsoft has dismissed the severity of the warnings. “The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown,” says Hall. The support exception means Windows XP users are no longer at risk, but Microsoft is still encouraging XP users to upgrade to Windows 7 or Windows 8.1 regardless.

http://www.theverge.com/2014/5/1/5671878/microsoft-internet-explorer-windows-xp-update