Follow us:

Microsoft Pri0

Welcome to Microsoft Pri0: That's Microspeak for top priority, and that's the news and observations you'll find here from Seattle Times technology reporter Matt Day.

May 1, 2014 at 11:07 AM

Microsoft releases fix for Internet Explorer vulnerability

Microsoft has released a fix for an Internet Explorer vulnerability that had been exploited by cyber attackers and that had led the U.S. government to recommend that people use alternate browsers until Microsoft patches the problem.

People running Windows with “Automatic Updates” enabled will not need to take any action since the update will be downloaded and installed automatically, Microsoft said in a security advisory issued today.

Individuals who don’t have automatic updates enabled on their PCs can install them manually by clicking the “Check for Updates” button on the Windows Update bar in the Control Panel.

Corporations’ IT departments can find more details on how to install the update for their organizations in the security bulletin issued today. Microsoft is hosting a webcast at 11 a.m. tomorrow geared toward answering questions from IT people about the fix. Registration for the webcast is here.

And good news for Windows XP users: Although Microsoft had said earlier that any security update would not apply to the nearly 13-year-old Windows XP, which Microsoft had stopped supporting last month, the company said today it made the decision to issue the security update to Windows XP customers.

“Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we’ve decided to provide an update for all versions of Windows XP (including embedded), today,” Adrienne Hall, general manager of Microsoft Trustworthy Computing, said in a blog post today. “We made this exception based on the proximity to the end of support for Windows XP. The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown. Unfortunately this is a sign of the times and this is not to say we don’t take these reports seriously. We absolutely do.”

“The security of our products is something we take incredibly seriously,” Hall said. “This means that when we saw the first reports about this vulnerability we said fix it, fix it fast, and fix it for all our customers.”

The vulnerability, which affects IE 6 to 11, is a remote code execution vulnerability, meaning cyber attackers could create a web page and convince users to view that web page or attachment, which then allows the attackers to execute code on a machine without the victim knowing about it.

The problem was first discovered by cybersecurity firm FireEye Friday evening, which found that active attacks exploiting the vulnerability on IE 9 to 11. Microsoft posted an advisory with tips on workarounds on Saturday. On Monday, the U.S. and U.K. governments issued recommendations for people to either implement the workarounds or use alternative browsers.

Comments | More in Microsoft | Topics: internet explorer


No personal attacks or insults, no hate speech, no profanity. Please keep the conversation civil and help us moderate this thread by reporting any abuse. See our Commenting FAQ.

The opinions expressed in reader comments are those of the author only, and do not reflect the opinions of The Seattle Times.

The Seattle Times

The door is closed, but it's not locked.

Take a minute to subscribe and continue to enjoy The Seattle Times for as little as 99 cents a week.

Subscription options ►

Already a subscriber?

We've got good news for you. Unlimited content access is included with most subscriptions.

Subscriber login ►
The Seattle Times

To keep reading, you need a subscription upgrade.

We hope you have enjoyed your complimentary access. For unlimited access, please upgrade your digital subscription.

Call customer service at 1.800.542.0820 for assistance with your upgrade or questions about your subscriber status.

The Seattle Times

To keep reading, you need a subscription.

We hope you have enjoyed your complimentary access. Subscribe now for unlimited access!

Subscription options ►

Already a subscriber?

We've got good news for you. Unlimited content access is included with most subscriptions.

Activate Subscriber Account ►