Microsoft includes XP users in Internet Explorer fix

Windows XP The flaw is the first major bug to impact Windows XP after official support ended

Related Stories

Microsoft has said users of its Windows XP operating system will also get the security update it has issued to fix a flaw in the Internet Explorer browser.

It issued the update on Thursday to fix a bug that let hackers gain access and user rights to computers.

Microsoft ended support for Windows XP earlier this month, ceasing to issue bug fixes or security updates for it.

But the firm said it decided to make an exception as the flaw was discovered just days after the support ended.

"Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we've decided to provide an update for all versions of Windows XP," Adrienne Hall, general manager of Trustworthy Computing at Microsoft, said in a blog post.

"We made this exception based on the proximity to the end of support for Windows XP."

The flaw was reported earlier this week and there had been uncertainty over whether XP users would get the update when it was released.

'Tested and ready'

Start Quote

This update is fully tested and ready for release for all affected versions of the browser”

End Quote Microsoft

The flaw affected Internet Explorer (IE) versions 6 to 11 and Microsoft said it was aware of "limited, targeted attacks" to exploit it.

According to NetMarket Share, the IE versions account for more than 50% of the global web browser market.

Microsoft said that hackers could exploit the flaw by hosting a "specially crafted website" designed to exploit the vulnerability.

If users visited the website, hackers could use it to gain access to their computer and get the same rights as the machine's user.

However, hackers would have needed to convince users to view and interact with the website, and would have had "no way to force users" to view the content otherwise.

On Thursday, Microsoft said its security update fixed the flaw.

"This update is fully tested and ready for release for all affected versions of the browser," the firm said.

"The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically."

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features & Analysis

BBC Future

(Getty Images)

How movie dinosaurs lied to us

What’s wrong with cinema’s monster lizards Read more...

Programmes

  • Traffic lightsClick Watch

    From hacking cars to traffic lights - behind the scenes at a cyber-security conference

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.