Microsoft Plugs Major Security Hole In IE, Throws Windows XP Users A Bone

Rather than wait around another couple of weeks until this month's scheduled Patch Tuesday to address a security flaw in virtually all versions of its Internet Explorer browser, Microsoft decided the situation was serious enough to warrant an out-of-band security update. The fix has been fully tested and is ready to deploy on affected versions of the browser, which span from from IE6 and later.

"The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically. If you’re unsure if you have automatic updates, or you haven’t enabled Automatic Update, now is the time," Microsoft stated in a security blog. "For those manually updating, we strongly encourage you to apply this update as quickly as possible following the directions in the released security bulletin."

Microsoft's update fixes a serious zero day vulnerability in IE that, left unpatched, could allow a hacker to remotely gain access to your PC and cause trouble. Malicious code is slipped in through your browser by visiting an infected website. This isn't a theoretical threat, either -- Microsoft said it's aware of "limited, targeted attacks" having already occurred in the wild.

Windows Update

The threat is so severe that the U.S. government urged everyone to stop using IE right away and recommended using a third-party browser such as Chrome or Firefox until a fix was issued. That day has come, and for those of you clinging to Windows XP, you're in luck.

"We have made the decision to issue a security update for Windows XP users. Windows XP is no longer supported by Microsoft, and we continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1. Additionally, customers are encouraged to upgrade to the latest version of Internet Explorer, IE 11," Microsoft said.

Microsoft officially stopped supporting Windows XP on April 8, 2014, which means no more security updates or technical support. However, this vulnerability happened so soon after XP's end-of-life date and is so severe that Microsoft decided to throw XP users one last bone before pretending they no longer exist.