Microsoft Backs Down, Releases Patch for Windows XP and Internet Explorer

By | May 1, 2014
Print Friendly, PDF & Email

Microsoft makes one-time exception, patches IE on Windows XP

Calls news coverage of IE vulnerability ‘overblown,’ but patches IE6, IE7 and IE8 on XP anyway

Microsoft today shipped an emergency update for Internet Explorer to close a hole that hackers had already been exploiting.

But in an unexpected move, Microsoft allowed Windows XP machines to receive the update, even though it had long held that the 13-year-old operating system had absolutely, positively retired on April 8.

“I’m surprised they went out-of-band at all,” said Andrew Storms, director of DevOps at security company CloudPassage, using the term for an emergency update outside the normal monthly patch cycle Microsoft maintains. “While there was a lot of talk about this zero-day, it was mainly focused on the XP angle.”

In fact, today’s turnabout was bigger news than the security update itself, something Microsoft tacitly acknowledged by posting a long blog post that dealt not with the patch or the vulnerability, but with its decision to give XP customers a break.

In that blog, Adrienne Hall, a general manager in Microsoft’s Trustworthy Computing group, made plain that today’s release was the exception, not the rule, going forward. “We made this exception based on the proximity to the end of support for Windows XP,” Hall wrote.

Microsoft dropped XP from its support list three weeks ago.

But Storms questioned whether Microsoft had, knowingly or not, set a precedent that outsiders would cite each time a new vulnerability in Windows XP appeared.

“For me it begs the question: So when exactly is the end of life date for XP?” Storms said in an interview conducted via instant message. “What if there is another zero-day next week or next month? When is Microsoft really reallyreally going to put their foot down? So I’m surprised they went against their word on the end of life date. It just leaves open the door for more patches either to XP or other [outdated] platforms in the future.”

Hall also seemed to blame news reports about the flaw — in particular that most reports led with the fact that XP would be vulnerable — for forcing Microsoft’s hand.

“The news coverage of the last few days about a vulnerability in Internet Explorer (IE) has been tough for our customers and for us,” she said to open the blog, then later argued that the IE bug made headlines only because of its timing. “One of the things that drove much of this coverage was that it coincided with the end of support for Windows XP,” Hall asserted.

“The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown,” Hall added. “Unfortunately this is a sign of the times and this is not to say we don’t take these reports seriously. We absolutely do.”

Microsoft should not have been surprised that news spread about the IE flaw or that media reports focused on the fact that the bug was the first example of XP’s out-in-the-cold situation. Others in the company’s Trustworthy Computing group have long predicted that attacks against XP PCs would increase once support for the OS ended, and used the dire forecast to push customers into migrating to something newer.

Source: ComputerWorld

8 thoughts on “Microsoft Backs Down, Releases Patch for Windows XP and Internet Explorer

  1. Ken Roberts

    If it weren’t for hackers we could still have windows 98 . think about it if there were no security issues why would there be a need to up grade at all except for new tech stuff like 64 bit . Microsoft depends on security issues to maintain their wealth and they could make so much money if only they gave the consumers what worked for them in the way of up grades and they could sell those all year long, new soft ware would be a big money maker for them . But we are subject to fear and intimidation by one of the biggest companies in the world fear that we will be hacked and lose it all.

  2. Ken Roberts

    Pay rolls used to use a tag on the end of the file so it could be verified when it was transmitted by the receptor server or computer. I don’t know of anything that would work except using ones brain and not click something out of fear or the thought of getting something for nothing . I really think an OS should last a good ten years. Call me Mr. frugal!

  3. Keith Archer

    As an XP user recently given a new life period by Cloudeight, should I download the XP Driver Updates as well as the “Fix IE (speedmaxpc)” and the “Remove Malware free?


    1. infoave Post author

      NO NO NO — those are ads on that page — Never download a driver updater and make sure that you know the difference between the content of the article and an advertisement. A lot of advertisements may be for good products — like Verizon phones or Vizio computers — but I don’t think “Remove Malware Free” is a good bet, do you? If the product is really free, how are they paying for the ad? Think before you click, Keith. The Windows XP security patch for IE is delivered via Windows updates and is available from Microsoft directly – you won’t get any official Microsoft updates though ads. Thanks, TC

  4. Joan Boynton

    Thank goodness I can still use XP I would have bought a new PC if I could have gotten it or windows 7 but forced into 8 caused me to not get one. I have the key for cloud eight to fix my XP. Thanks so much will use soon 86 yrr grandmother

    Sincerely Joan Boynton

    1. infoave Post author

      If you followed our advice you could use XP anyway because you wouldn’t be using Internet Explorer — patched or unpatched, using on old version of Internet Explorer opens your computer up for all kinds of attacks. Use Chrome or Firefox – stop using the outdated Internet Explorer 8.

  5. Keith Archer

    tHANKS cLOUDEIGHT – as always much appreciate your advice (once again). I’m gonna stick with XP ’til you tell me otherwise………………………………Keith


Leave a Reply

Your email address will not be published. Required fields are marked *