MICROSOFT ISSUES FIX FOR MAJOR INTERNET EXPLORER BUG
Microsoft issued a patch to fix a serious bug in Internet Explorer. Customers who have automatic updates enabled won’t need to take and action, but Microsoft encouraged users without that service “to apply this update as quickly as possible.” Microsoft also decided to issue a fix for Windows XP users, even thought the company dropped support of that operating system in April.
The patch comes just a few days after security company FireEye revealed the flaw — which affected Internet Explorer versions 6 through 11. Microsoft followed up with its own “security advisory” on Saturday, in which the company warned hackers had already used the flaw to launch “limited, targeted attacks.” With so many attacks, hackers can start with methods like convincing users to click on fake websites, Microsoft explained. From there, the glitch could allow attackers to run malicious software on the user’s computer — and even gain the same level of access to the computer as the real user.
Microsoft’s patch fixes that problem. Microsoft reiterated that users should upgrade to Windows 7 or 8.1, and to the latest version of Internet Explorer, IE 11. “The security of our products is something we take seriously,” Adrienne Hall, the general manager of Microsoft’s trustworthy computing division, said in a blog post on Thursday. “When we saw the first reports about this vulnerability we decided to fix it, fix it fast, and fix it for all our customers.”
Before that fix came in, even the Department of Homeland Security weighed in with an advisory, calling on users to run alternative web browsers in the interim. But Hall said that the “concerns were, frankly, overblown. Unfortunately this is a sign of the times and this is not to say we don’t take these reports seriously.”