ID: IRCNE2014052180
Date: 2014-05-03
According to “ComputerWorld”, Microsoft shipped an emergency update for Internet Explorer to close a hole that hackers had already been exploiting.
But in an unexpected move, Microsoft allowed Windows XP machines to receive the update, even though it had long held that the 13-year-old operating system had absolutely, positively retired on April 8.
In fact, today's turnabout was bigger news than the security update itself, something Microsoft tacitly acknowledged by posting a long blog post that dealt not with the patch or the vulnerability, but with its decision to give XP customers a break.
In that blog, Adrienne Hall, a general manager in Microsoft's Trustworthy Computing group, made plain that today's release was the exception, not the rule, going forward. "We made this exception based on the proximity to the end of support for Windows XP," Hall wrote.
Microsoft dropped XP from its support list three weeks ago.
MS13-021 patched a single vulnerability in IE6, IE7, IE8, IE9, IE10 and the newest, IE11, on all supported editions of Windows, as well as XP. The bug was rated "critical" for all client versions of Windows -- XP, Vista, Windows 7, Windows 8 and Windows 8.1 -- but "moderate," two steps down in its four-step threat scoring system, for all Windows Server editions.
The critical vulnerability was first reported to Microsoft by FireEye last week. On Saturday, Microsoft issued a security advisory that offered several temporary ways to defend PCs from attacks.
This patch can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services (WSUS).
- 4