The Schwartz Report


Microsoft Didn't Blink when Offering XP Support in IE Patch

Did Microsoft blink? That's the first reaction one might have had upon learning of the company's decision to include Windows XP in its fix for one of the most prominent zero-day vulnerabilities in Internet Explorer in recent memory.

Microsoft could have stuck to its guns by saying it's no longer patching Windows XP and customers are on their own to either upgrade to a newer operating system or seek costlier assistance. The company had long stated that it would stop issuing patches and updates for Windows XP on April 8, last month. But the fact that this vulnerability -- revealed earlier this week by security firm FireEye -- is so significant, and that some attackers have already exploited it against companies in the financial services industry, necessitated a swift decision by Microsoft.

This vulnerability affected all versions of Internet Explorer running on all releases of Windows, including those running on embedded systems, except for users who configured their browsers in protection mode. The flaw enabled attackers to take advantage of a memory corruption vulnerability in the browser. The attacks aimed to deliver a "newer version of the years-old Pirpi RAT to compromised, victim systems by taking control of their browsers, and in turn, their systems and networks," said Kurt Baumgartner, a researcher at Kaspersky Lab, in a blog post.

While Adrienne Hall, general manager of Microsoft's Trustworthy Computing group, said in a blog post that the flaw resulted in a limited number of attacks and fears were overblown, Baumgartner suggested the threat of wider attacks was real. "Once the update and code is analyzed, it can easily be delivered into waiting mass exploitation cybercrime networks," Baumgartner warned. "Run Windows Update if you are using a Windows system, and cheers to Microsoft response for delivering this patch to their massive user base quickly."

Indeed, Microsoft acted quickly and decisively, but Hall warned that Windows XP users shouldn't be lulled into complacency by yesterday's release of a patch for Internet Explorer running on Windows XP. "Just because this update is out now doesn't mean you should stop thinking about getting off Windows XP and moving to a newer version of Windows and the latest version of Internet Explorer," she warned. "Our modern operating systems provide more safety and security than ever before."


Posted by Jeffrey Schwartz on 05/02/2014 at 12:17 PM

