Microsoft backs down, will fix Internet Explorer vulnerability—even on Windows XP
Microsoft’s support for Windows XP is over. It really is. But because of the company’s sense of responsibility, it will fix and Internet Explorer vulnerability that affects XP—just this once.
That was the message that Microsoft sent in a blog post on Thursday, when it said it would fix all versions of Internet Explorer that were affected by a vulnerability discovered over the weekend. The bug was deemed so serious that the Department of Homeland Security recommended that users avoid using Microsoft’s browser until it had fixed the vulnerability.
“We take a huge amount of pride that, among widely used browsers, IE is the safest in the world due to its secure development and ability to protect customers, even in the face of cybercriminals who want to break it,” Adrienne Hall, the general manager of trustworthy computing for Microsoft, wrote. “This means that when we saw the first reports about this vulnerability we said fix it, fix it fast, and fix it for all our customers. So we did.”
Users who have automatic updates enabled—and you should—will automatically receive the update beginning at 10 AM, Hall wrote.
Officially, Microsoft terminated Windows XP support on April 8, opening a door to the so-called “XPocalypse”. Since Microsoft wouldn’t patch new vulnerabilities found in Windows XP—and in the associated browser, Internet Explorer 6, the reasoning went that customers would continue to be vulnerable to new exploits discovered in the operating system. Other browser makers including Google and Mozilla have said that will keep on supporting Windows XP, however, offering some measure of protection.
But Hall said that the fact that a vulnerability of such severity was discovered so soon after the end of Windows XP support changed its mind.
“Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we’ve decided to provide an update for all versions of Windows XP (including embedded), today,” Hall wrote. “We made this exception based on the proximity to the end of support for Windows XP. The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown. Unfortunately this is a sign of the times and this is not to say we don’t take these reports seriously. We absolutely do.”
But Hall also offered the expected words of warning: “Just because this update is out now doesn’t mean you should stop thinking about getting off Windows XP and moving to a newer version of Windows and the latest version of Internet Explorer,” she wrote.
In this case, Microsoft is playing the role of a patient parent: Warning of the consequences, following through, but also protecting the child before he or she hurts itself. How long it will continue to do that, though, is an open question.