Marchingontogether
TK Veteran
Microsoft has decided to include Windows XP in a security update to fix an infamous flaw in its IE browser despite claims there would be no more free fixes for the outdated OS.
Microsoft discontinued updating XP in April in a bid to encourage users to upgrade to newer versions of Windows. However, too many individual and business users continue running Windows XP, including the British government, which had to pay millions of pounds for another year of security updates. This is why Microsoft has decided to include XP in the update and provided it free to everyone, while encouraging them to upgrade to the latest version of IE.
Microsoft issued the update because of the proximity to the end of support for XP, but in fact, there have been a very small number of attacks based on this particular vulnerability and concerns were believed to be overblown.
However, some security experts pointed out that they had seen a number of attacks exploiting the flaw in IE 8, including some by state-sponsored hackers. The attacks were recorded against the Defense and Financial sectors, and, more recently, against the Government and Energy sectors. The vulnerability was discovered a few days ago, and Microsoft issued a statement explaining how hackers could gain access to any PC and all its settings by drawing users to malicious websites through links received in emails or other messages.
The decision to update the XP version of the browser, which is a key element of the operating system and often exploited by hackers, makes some wonder whether Microsoft will manage to ignore future threats if any. In addition, the free patch also calls into question the commercial contracts that governments and big businesses have negotiated to keep special cover for XP.
Microsoft announced that the security of its products is something the company takes very seriously, and it believes that, among widely used browsers, Internet Explorer is the safest browser in the world thanks to its secure development and ability to protect customers, even in the face of cybercriminals willing to break it.
The flaw emerged just a few weeks after the Heartbleed bug was discovered by security experts – a 2-year-old weakness in the encryption used to protect sensitive information, including passwords, when being sent between machines. The bug is still being tackled with patches to fix affected sites.
Microsoft discontinued updating XP in April in a bid to encourage users to upgrade to newer versions of Windows. However, too many individual and business users continue running Windows XP, including the British government, which had to pay millions of pounds for another year of security updates. This is why Microsoft has decided to include XP in the update and provided it free to everyone, while encouraging them to upgrade to the latest version of IE.
Microsoft issued the update because of the proximity to the end of support for XP, but in fact, there have been a very small number of attacks based on this particular vulnerability and concerns were believed to be overblown.
However, some security experts pointed out that they had seen a number of attacks exploiting the flaw in IE 8, including some by state-sponsored hackers. The attacks were recorded against the Defense and Financial sectors, and, more recently, against the Government and Energy sectors. The vulnerability was discovered a few days ago, and Microsoft issued a statement explaining how hackers could gain access to any PC and all its settings by drawing users to malicious websites through links received in emails or other messages.
The decision to update the XP version of the browser, which is a key element of the operating system and often exploited by hackers, makes some wonder whether Microsoft will manage to ignore future threats if any. In addition, the free patch also calls into question the commercial contracts that governments and big businesses have negotiated to keep special cover for XP.
Microsoft announced that the security of its products is something the company takes very seriously, and it believes that, among widely used browsers, Internet Explorer is the safest browser in the world thanks to its secure development and ability to protect customers, even in the face of cybercriminals willing to break it.
The flaw emerged just a few weeks after the Heartbleed bug was discovered by security experts – a 2-year-old weakness in the encryption used to protect sensitive information, including passwords, when being sent between machines. The bug is still being tackled with patches to fix affected sites.
