Did Microsoft blink? That's the first reaction one might have had upon learning of the company's decision to include Windows XP in its fix for one of the most prominent zero-day vulnerabilities in Internet Explorer in recent memory.
Microsoft could have stuck to its guns by saying it's no longer patching Windows XP and customers are on their own to either upgrade to a newer operating system or seek costlier assistance. The company had long stated that it would stop issuing patches and updates to Windows XP on April 8. But the fact that this vulnerability -- revealed earlier this week by security firm FireEye -- is so significant, and that some attackers have already exploited it against companies in the financial services industry, necessitated a swift decision by Microsoft.
This vulnerability affected all versions of Internet Explorer running on all releases of Windows, including those running on embedded systems, except for users who configured their browsers in protection mode. The flaw enabled attackers to take advantage of a memory corruption vulnerability in the browser. The attacks aimed to deliver a "newer version of the years-old Pirpi RAT to compromised, victim systems by taking control of their browsers, and in turn, their systems and networks," said Kurt Baumgartner, a researcher at Kaspersky Lab, in a blog post.
While Adrienne Hall, general manager of Microsoft's Trustworthy Computing group, said in a blog post that the flaw resulted in a limited number of attacks and fears were overblown, Baumgartner suggested the threat of wider attacks was real. "Once the update and code is analyzed, it can easily be delivered into waiting mass exploitation cybercrime networks," Baumgartner warned. "Run Windows Update if you are using a Windows system, and cheers to Microsoft response for delivering this patch to their massive user base quickly."
Indeed, Microsoft acted quickly and decisively, but Hall warned that Windows XP users shouldn't be lulled into complacency by yesterday's release of a patch for Internet Explorer running on Windows XP. "Just because this update is out now doesn't mean you should stop thinking about getting off Windows XP and moving to a newer version of Windows and the latest version of Internet Explorer," she warned. "Our modern operating systems provide more safety and security than ever before."
Posted by Jeffrey Schwartz on 05/02/2014 at 12:17 PM