latest updates from easySERVICE™
According to a post by Dustin Childs onMicrosoft’s Security Response Center blog, Microsoft is about to release a fix for the Internet Explorer drive-by bug I discussed earlier this week.
The security hole appears in every modern version of IE, from IE6 to IE11, and it affects every modern version of Windows, from XP to Windows 8.1 Update. You can be infected just by using IE to look at a compromised website, no interaction required. The Department of Homeland Security/CERT weighed in on the bug, advising folks to prop up IE or switch to a different browser.
FireEye caught the security hole last week and published a detailed analysis on Saturday. Microsoft issued Security Advisory 2963983 on Saturday, updating it on Tuesday, listing a few workarounds that foiled the exploit discovered by FireEye, but leaving open the question of whether that same security hole could be leveraged in different ways.
When the flaw came to light, the world’s eyes (or at least the XP world’s eyes) turned on Microsoft, to see if it would go ahead and patch the faulty browsers — IE6, IE7, and IE8 — on Windows XP. That OS, you recall, was relegated to the big bit bucket in the sky less than a month ago. Now, it seems, we have an answer to the question posed last month in the Tech Watch post Windows XP countdown: Will Microsoft blink? As the crowd goes wild, the answer is yes, Microsoft will patch IE on Windows XP.
To quote Childs:
We have made the decision to issue a security update for Windows XP users. Windows XP is no longer supported by Microsoft, and we continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1. Additionally, customers are encouraged to upgrade to the latest version of Internet Explorer, IE11.
Sanity prevails. Kudos to the folks who got the patch out so fast — and to the folks behind them who approved the XP decision.
Source: Associated Press