Microsoft has rolled out an emergency patch to fix an Internet Explorer vulnerability

Emergency Windows XP update rolled out despite end of support

Microsoft has rolled out an urgent update to fix a Windows XP Internet Explorer vulnerability despite having discontinued support for the system this month as hundreds of millions of users haven’t upgraded yet.

The bug, identified last weekend by cyber-security company FireEye, had been used by hackers to launch attacks in a campaign dubbed "Operation Clandestine Fox."

Although computers running Windows 7 and 8 have also been targeted, the outdated Windows XP have been said to be the most vulnerable.

The bug enables the hackers to gain complete access to computers of their victims by redirecting them to malicious websites.

FireEye said the attackers were mostly focusing on government organisations and the energy, defence and financial sectors, though private individuals had not been spared either.

Microsoft on Wednesday initially said it would not provide the remedy to Windows XP users because it had stopped supporting the product in early April. However, on Thursday, as the company started releasing the fix for the bug through its automated Windows Update system, a company spokeswoman said the remedy also would be pushed out to XP customers.

"We decided to fix it, fix it fast, and fix it for all our customers," spokeswoman Adrienne Hall said on Microsoft's official blog.

She said there had not been many attacks exploiting the vulnerability, which Microsoft decided to patch in XP "based on the proximity" to its recent end of support.

"There have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown," she said in the blog.

Microsoft was under pressure to move quickly as the US, UK and German governments advised computer users on Monday to consider using alternatives to Microsoft's Explorer browser until it released a fix.

Microsoft first had warned that it was planning to end support for Windows XP in 2007, but security firms estimated that 15 to 25 per cent of the world's personal computers still run on the version of the operating system that was released in October 2001.

Recent articles

Info Message

Our sites use cookies to support some functionality, and to collect anonymous user data.

Learn more about IET cookies and how to control them

Close