Microsoft to release IE security patch today, including one for Windows XP

In a change of heart, Microsoft has announced that versions of Internet Explorer still in use on Windows XP will indeed get a security patch to fix a recently discovered exploit in the web browser.

In a blog post, Microsoft said the patch will be released later today for all supported versions of IE (6-11). The patch will be delivered via Automatic Update but users can choose to download the patch manually when it becomes available. The post added:

We have made the decision to issue a security update for Windows XP users. Windows XP is no longer supported by Microsoft, and we continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1. Additionally, customers are encouraged to upgrade to the latest version of Internet Explorer, IE 11.

The post doesn't give a specific reason why Microsoft decided to break from its plan not to offer any more updates to the 12-year-old operating system after ending support for XP on April 8. Microsoft's security team will hold a webcast at 11 am Pacific time (2 pm Eastern time) Friday where more information about the patch will be made available.

The exploit itself was first revealed last week and would have allowed hackers "to execute arbitrary code in the context of the current user within Internet Explorer" if a user surfs to a website coded to take advantage of the browser hole.

Source: Microsoft

48 Comments

MS should support XP until the release of their next OS, which hopefully will be better received than Win 8; then they could see a mass migration from XP, at which point they can then euthanize it.

Why is it that people and the news media are completely missing the reality here?

Microsoft is not doing anything 'right' or 'generous' - they HAVE TO do this update because the update is for INTERNET EXPLORER - NOT WINDOWS XP.

Internet Explorer is NOT Windows XP, which should be clear after the Billions of dollars that MS spent in legal fees proving it is NOT INTEGRAL to the operating system - followed by LOSING that antitrust case and then having to remediate by further separating the Browser from the OS to further prove they are separate products.

Releasing an update for IE is no different than releasing updates for Office 2010.

Microsoft made a mistake supporting an unsupported OS. I have people asking me about it now, which is causing confusion. All that noise Microsoft made about upgrading has just been undone. Good job, Microsoft. All this does is keep users safe for two more days, until the next hole is found, and gives users a false sense of security.

Got to agree. Everyone knew the hordes were going to show up to beat down the walls on XP. That castle should be left to fall.

Good to see Microsoft has a set of stones, and the will to do this. They should and did keep their browser updated, even if the OS itself isn't.

This is good timing for XP users but only because the exploit affects all modern versions too.

They won't get this again.

I downloaded the patch for XP and IE8 (32-bit):

IE8-WindowsXP-KB2964358-x86-custom-ENU

and it crashed my system, BSOD, NO_MORE_IRP_STACK_LOCATIONS

Has this happened to anyone else?

darkrats said,
I downloaded the patch for XP and IE8 (32-bit):
IE8-WindowsXP-KB2964358-x86-custom-ENU
and it crashed my system, BSOD, NO_MORE_IRP_STACK_LOCATIONS
Has this happened to anyone else?

I found the solution. There was a conflict between this update and Symantec Endpoint Protection. I completely shut down the program. Installed the update to IE8, and then rebooted. Problem solved. One of those rare times when I can say that I didn't read about a solution but discovered it through some detective work. It was a nice evening.

XP has a further year of support in the UK and I think China.

British government paid MS some monies for the extra year.

I just got an update for IE 11 on my Windows 8.1 install. It's KB2964358 (security update). Looks like it.

A great gesture but how much of a concern is that this will set a precedent, causing the community to keep clamoring for continued Windows XP support?

Cesar Mattos said,
They should have released IE11 to XP to fight FF and Chrome

Impossible. IE 11 uses technologies not supported by XP at all.

Cesar Mattos said,
They should have released IE11 to XP to fight FF and Chrome

If people won't upgrade to IE8 on XP they wouldn't upgrade to IE11 either.

testman said,
Yes, they did. IE6 support ended same date as XP did.

Actually IE6 will be officially discontinued next year along with Server 2003.

Denis W. said,
Sorry but business needs come first before a silly agenda.

If your business is still running XP, I doubt "business needs" are coming first.

Denis W. said,
Sorry but business needs come first before a silly agenda.

Companies still running XP are guilty of corporate malfeasance. If I were a shareholder of one, I'd file complaints with regulatory entities. There is just NO EXCUSE at this point.

Dot Matrix said,

If your business is still running XP, I doubt "business needs" are coming first.

I've said this before, and I'll say it again... we have US Government contracts where I work that spell out specifically that we need to support certain software programs that run ONLY on Windows XP. Not Windows 7, not Windows 8, XP. So like it or not, we still have to keep Windows XP on systems to meet our contractual obligations.

Unless you'd like a couple of tons of satellite crashing directly on to your house.

SiLeNtDeAtH said,
Companies still running XP are guilty of corporate malfeasance. If I were a shareholder of one, I'd file complaints with regulatory entities. There is just NO EXCUSE at this point.

What a stupid statement!! We have software provided by our suppliers that WILL NOT run on anything newer than XP so we have no choice but to continue using it. Obviously we have isolated the machines from our main network, but they still require internet access :(

Olly- said,

What a stupid statement!! We have software provided by our suppliers that WILL NOT run on anything newer than XP so we have no choice but to continue using it. Obviously we have isolated the machines from our main network, but they still require internet access :(


Stupid is sticking with supplier software that won't run on anything else but XP.

SiLeNtDeAtH said,
Companies still running XP are guilty of corporate malfeasance. If I were a shareholder of one, I'd file complaints with regulatory entities. There is just NO EXCUSE at this point.

and... wow...

Ok... I know we're all entitled to an opinion.. but, this for me.. is one where you just gotta stop and go... WTF?

Alright.. let's see if we can argue about ending this dumb debate on whether or not a company should, or shouldn't .. could or couldn't use an updated system.

A foster parent once told me... "Never make suggestions unless you're willing to help." Also adding in there.. "if ya want something done, do it yourself".

So.. in conclusion, and without further ado..... IF YOU want all these companies to upgrade:
Pay their costs. Pay their fees. Pay their employees to double, triple check systems compatibilities. Pay for any down time they may have. Pay to fix any issues caused by the upgrades. Keep paying the investors regardless if you're making money or not if the systems are down. And... since you want this, get your butt in there and do it all by yourself!

The world didn't come to an end with the Y2K bug (design flaw).. and it won't come to an end even if half of those using XP, still use it after the release of Windows 11.

Whilst I agree with you, working myself in a company that requires XP for some cases, I don't think there will ever be an end to this debate.
There is always going to be someone that has no clue with the arguments: It's your own fault; It's the management's fault; It's IT's fault; There is no excuse to run XP
blablabla
And by the way, the companies with extended contracts that are paying now for XP support, they will be the only ones getting any updates. Whatever is being developed now is not going out to the public, bar some exceptions. You don't expect the few companies to cough up these huge sums so that the updates get made available to everyone, do you?

SiLeNtDeAtH said,
Excuses, excuses, excuses. No one ever runs short of them.

From those of us who work in the real world? Reality takes front and center, especially when you're talking contracts worth tens of millions of dollars. I don't think any major company is going to give that up simply because you need to move a hundred machines off of Windows XP.

If XP is what it takes, then XP is what you use.

Companies are more than allowed to continue to use XP. However, don't cry when you get hacked and lose your customer's personal data.

If taking IT security and keeping your systems up to date isn't important to a company, then that company doesn't deserve to have anyone's business.

There are special cases where you may need to use XP, but in no way should XP be your main OS.

Tal Greywolf said,

I've said this before, and I'll say it again... we have US Government contracts where I work

Somehow I doubt you are legally qualified to make such a remark.

Note : I'm not suggesting it's false, btw.

Tal Greywolf said,

From those of us who work in the real world? Reality takes front and center, especially when you're talking contracts worth tens of millions of dollars. I don't think any major company is going to give that up simply because you need to move a hundred machines off of Windows XP.

If XP is what it takes, then XP is what you use.

Then you deserve what you get.

LightEco said,
Running XP in your business still is itself a silly agenda.

Not every business has the funds to upgrade right away, however that isn't the biggest reason. Most large million dollar machines or those that are semi close in those costs in most industries run the OS since the software to run the machines won't or can't run on anything else. Not being supported on any other OS or could be for various reasons. I worked for a company that had Windows 98 on many machines all the way up to 2007 when I left and that was just how it was in order for the systems to function. Try not to be so quick to judge what people and businesses do without really knowing the whole truth next time.

sava700 said,

Not every business has the funds to upgrade right away, however that isn't the biggest reason. Most large million dollar machines or those that are semi close in those costs in most industries run the OS since the software to run the machines won't or can't run on anything else. Not being supported on any other OS or could be for various reasons. I worked for a company that had Windows 98 on many machines all the way up to 2007 when I left and that was just how it was in order for the systems to function. Try not to be so quick to judge what people and businesses do without really knowing the whole truth next time.

"Right away..." // People have had several years to begin planning upgrades. XP's EoL didn't come overnight.

They're still developing and pushing out the patches for IE6 because of Windows Server and the companies paying for support. Maybe this exploit is a pretty big deal so they're just going to distribute the patch to everyone.

mrp04 said,
They're still developing and pushing out the patches for IE6 because of Windows Server and the companies paying for support. Maybe this exploit is a pretty big deal so they're just going to distribute the patch to everyone.

Exactly, not to mention given the widespread press this has gotten and DHS suggesting people not use IE till it's patched, it makes max PR sense. I wouldn't be surprised if they make another exception or two like this prior to next July, and doing so costs them effectively nothing.