"The security of our products is something we take incredibly seriously, so the news coverage of the last few days about a vulnerability in Internet Explorer (IE) has been tough for our customers and for us," said Adrienne Hall, general manager with the company's Trustworthy Computing section on a Microsoft tech blog.
The fix, which went live today at 10 a.m. PDT, is coming outside of Microsoft's usual monthly security update cycle and is a direct response to ongoing attacks of a security vulnerability that plagued all version of Internet Explorer. The security flaw allowed malicious hackers to get around security protections in the Windows operating system. They then can be infected when visiting a compromised website.
Today's update is being pushed out via automatic updates for those with the featured enabled. If for some reason you aren't running automatic updates you can click the “Check for Updates” button on the Windows Update portion of your Control Panel to manually get the update process going.
Even though Windows XP is no longer supported by Microsoft the company has decided to give users a reprieve and update their systems as well. Stating:
Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we’ve decided to provide an update for all versions of Windows XP (including embedded), today. We made this exception based on the proximity to the end of support for Windows XP. The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown. Unfortunately this is a sign of the times and this is not to say we don’t take these reports seriously. We absolutely do.
Despite making today’s patch available for XP users as well, Microsoft still recommends users upgrade to new versions of Windows, Windows 7 or 8. Security experts, including U.S. CERT, recommended that users avoid using the maligned browser until a patch was made available. It is also recommended that even if you aren't running Internet Explorer as your main browser that you still install the update as it is always vital to keep your entire system patched to the fullest possible extent.