{"id":7506,"date":"2014-05-01T16:48:30","date_gmt":"2014-05-01T20:48:30","guid":{"rendered":"http:\/\/thundercloud.net\/infoave\/new\/?p=7506"},"modified":"2014-05-01T16:49:41","modified_gmt":"2014-05-01T20:49:41","slug":"microsoft-backs-down-releases-patch-for-windows-xp-and-internet-explorer","status":"publish","type":"post","link":"https:\/\/www.thundercloud.net\/infoave\/new\/microsoft-backs-down-releases-patch-for-windows-xp-and-internet-explorer\/","title":{"rendered":"Microsoft Backs Down, Releases Patch for Windows XP and Internet Explorer"},"content":{"rendered":"
\n
\n

Microsoft makes one-time exception, patches IE on Windows XP<\/h1>\n

Calls news coverage of IE vulnerability ‘overblown,’ but patches IE6, IE7 and IE8 on XP anyway<\/h2>\n
Microsoft today shipped an emergency update for Internet Explorer to close a hole that hackers had already been exploiting.<\/div>\n<\/blockquote>\n<\/div>\n
\n

But in an unexpected move, Microsoft allowed Windows XP machines to receive the update, even though it had long held that the 13-year-old operating system had absolutely, positively retired on April 8.<\/p>\n

“I’m surprised they went out-of-band at all,” said Andrew Storms, director of DevOps at security company CloudPassage, using the term for an emergency update outside the normal monthly patch cycle Microsoft maintains. “While there was a lot of talk about this zero-day, it was mainly focused on the XP angle.”<\/p>\n

In fact, today’s turnabout\u00a0was<\/i>\u00a0bigger news than the security update itself, something Microsoft tacitly acknowledged by posting a\u00a0long blog post<\/a>\u00a0that dealt not with the patch or the vulnerability, but with its decision to give XP customers a break.<\/p>\n

In that blog, Adrienne Hall, a general manager in Microsoft’s Trustworthy Computing group, made plain that today’s release was the exception, not the rule, going forward. “We made this exception based on the proximity to the end of support for Windows XP,” Hall wrote.<\/p>\n

Microsoft dropped XP from its support list three weeks ago.<\/p>\n

But Storms questioned whether Microsoft had, knowingly or not, set a precedent that outsiders would cite each time a new vulnerability in Windows XP appeared.<\/p>\n

“For me it begs the question: So when exactly\u00a0is<\/i>\u00a0the end of life date for XP?” Storms said in an interview conducted via instant message. “What if there is another zero-day next week or next month? When is Microsoft really reallyreally<\/i>\u00a0going to put their foot down? So I’m surprised they went against their word on the end of life date. It just leaves open the door for more patches either to XP or other [outdated] platforms in the future.”<\/p>\n

Hall also seemed to blame news reports about the flaw — in particular that most reports led with the fact that XP would be vulnerable — for forcing Microsoft’s hand.<\/p>\n

“The news coverage of the last few days about a vulnerability in Internet Explorer (IE) has been tough for our customers and for us,” she said to open the blog, then later argued that the IE bug made headlines only because of its timing. “One of the things that drove much of this coverage was that it coincided with the end of support for Windows XP,” Hall asserted.<\/p>\n

“The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown,” Hall added. “Unfortunately this is a sign of the times and this is not to say we don’t take these reports seriously. We absolutely do.”<\/p>\n

Microsoft should not have been surprised that news spread about the IE flaw or that media reports focused on the fact that the bug was the first example of XP’s out-in-the-cold situation. Others in the company’s Trustworthy Computing group have long predicted that\u00a0attacks against XP PCs would increase<\/a>\u00a0once support for the OS ended, and\u00a0used the dire forecast to push customers<\/a>\u00a0into migrating to something newer.<\/p><\/blockquote>\n

Source: ComputerWorld<\/a><\/strong><\/em><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Microsoft makes one-time exception, patches IE on Windows XP Calls news coverage of IE vulnerability ‘overblown,’ but patches IE6, IE7 and IE8 on XP anyway Microsoft today shipped an emergency update for Internet Explorer to close a hole that hackers had already been exploiting. But in an unexpected move, Microsoft allowed Windows XP machines to receive the update,\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1426,779],"tags":[],"_links":{"self":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/7506"}],"collection":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/comments?post=7506"}],"version-history":[{"count":3,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/7506\/revisions"}],"predecessor-version":[{"id":7509,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/7506\/revisions\/7509"}],"wp:attachment":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/media?parent=7506"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/categories?post=7506"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/tags?post=7506"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}