Microsoft announced on Thursday that it’s officially rolling out a security patch that fixes a major hole in its Internet Explorer web browser. The flaw was noticed earlier this week and affects version 7 through 11 of Internet Explorer; Microsoft had warned against visiting unknown sites in the meantime, and even the United States Computer Emergency Readiness Team (US CERT) warned against running Internet Explorer. The bug could allow malicious websites to take over your computer.
Originally, most pundits believed the flaw would still exist in Windows XP, since Microsoft officially stopped support the operating system earlier this month. However, Microsoft said that today’s update also fixes issues related to the aging operating system.
“Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we’ve decided to provide an update for all versions of Windows XP (including embedded), today,” Microsoft’s general manager of trustworthy computing Adrienne Hall said Thursday. “We made this exception based on the proximity to the end of support for Windows XP.”
“The security of our products is something we take incredibly seriously, so the news coverage of the last few days about a vulnerability in Internet Explorer (IE) has been tough for our customers and for us,” Hall said. ” That means that when we saw the first reports about this vulnerability we said fix it, fix it fast, and fix it for all our customers. So we did. The update that does this goes live today at 10:00 a.m. PDT.” Hall also suggested that there weren’t many attacks that took advantage of the security hole and said that concerns were “overblown.”
Windows users with automatic updates will receive it right away, and Microsoft suggests everyone turns on that option. If you don’t, you can also receive the update by tapping “check for updates” in your control panel menu. Hall also suggested everyone upgrade away from Windows XP and said anyone on Windows 7 should at least be running IE 11.