Microsoft updates Windows XP to dodge IE flaw

Microsoft says threat is "overblown" but still issues an update to XP, only 23 days on from what was supposed to be the last patch

Nicole Kobie
1 May 2014

It only took three weeks: Microsoft has issued an update for Windows XP, just 23 days after the release of what was supposed to be the final security patch for the aging OS.

XP received what was meant to be its last update at the beginning of April, but earlier this week all versions of Internet Explorer were revealed to have a serious flaw being actively used by hackers.

Microsoft has rushed out a patch to fix the flaw, and included XP in the list.

Adrienne Hall, the general manager of Trustworthy Computing at Microsoft, said the company takes pride in IE being a safe browser. "This means that when we saw the first reports about this vulnerability we said fix it, fix it fast, and fix it for all our customers," she said in a blog post. "So we did."

Hall said the vulnerability wasn't as bad as media reports suggested, and that what "drove much of this coverage was that it coincided with the end of support for Windows XP".

She added there was only a "small number of attacks" and "concerns were, frankly, overblown".

However, Microsoft has still decided to U-turn and update XP, while suggesting users shouldn't assume that will happen again. "Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we’ve decided to provide an update for all versions of Windows XP (including embedded), today," Hall said. "We made this exception based on the proximity to the end of support for Windows XP."

Hall said users shouldn't take this as a sign that XP was safe to use, and encouraged people to upgrade away from XP.

Users will get the update automatically via Windows Update, or can ask Windows to check for updates via the Control Panel.
