Microsoft decided not to wait for Patch Tuesday to fix the zero-day security hole in every supported version of Internet Explorer, which could let an attacker deploy malware when a victim visits a malicious website.
Redmond issued an out-of-band patch for the critical vulnerability, which is being exploited in “limited, targeted attacks.”
Security firm FireEye uncovered the security hole as well as an ongoing attack campaign, which it dubbed “Operation Clandestine Fox.”
Microsoft said that Windows XP users will also receive an update for the security bug, even though XP is no longer supported.
“We have made the decision to issue a security update for Windows XP users. Windows XP is no longer supported by Microsoft, and we continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1. Additionally, customers are encouraged to upgrade to the latest version of Internet Explorer, IE 11,” explains Dustin Childs, group manager for response communications at Microsoft Trustworthy Computing.
Security researcher Graham Cluley warns XP users not to expect this type of treatment in the future. “If I were you, I wouldn’t bank on Microsoft keep coming back to Windows XP. They’re only doing this out of the goodness of their hearts,” he writes in a blog.
Trey Ford, Global Security Strategist at Rapid7, notes that out-of-band security updates are a “big deal … Corporate and private users should prioritize downloading (testing, where required by change controls) and deploying this patch.”
Check out Microsoft’s security bulletin.