Skip to main content
Advertising

Originally published Thursday, May 1, 2014 at 4:02 PM

  • Share:
           
  • Comments (0)
  • Print

Microsoft releases fix for Internet Explorer

Microsoft on Thursday released a fix for an Internet Explorer vulnerability that had been exploited by cyber attackers and had led the U.S. government to recommend people use alternate browsers until Microsoft patched the problem.


Seattle Times technology reporter

Reader Comments
Hide / Show comments
@BigHealey I myself use Windows. But I have never known anyone to went over to Apple and the Mac who regretted it or... MORE
I bought a new pc with windows 8. It is unable to install windows updates right out of the box. What a great OS! I... MORE
Whether or not this particular bug is fixed, why use IE anyway? I've been much happier with Google Chrome. MORE

advertising

Microsoft on Thursday released a fix for an Internet Explorer (IE) vulnerability that had been exploited by cyber attackers and had led the U.S. government to recommend people use alternate browsers until Microsoft patched the problem.

Users who are running Windows with automatic updates enabled will not need to take any action, as the update will download and install automatically, Microsoft said in a security advisory issued Thursday.

Individuals who don’t have automatic updates enabled on their PCs can install the fix manually by clicking the “Check for updates” button in the Windows Update portion of in their Control Panel, according to a Microsoft blog post.

Corporate IT departments can find more details on how to install the update for their organizations in Thursday’s security bulletin. Microsoft is hosting a webcast at 11 a.m. Friday geared toward answering questions from IT people about the fix.

There’s good news for Windows XP users. Although Microsoft had said earlier that any security update would not apply to the nearly 13-year-old operating system, which Microsoft had stopped supporting last month, the company said Thursday that it had decided to issue the security update to Windows XP customers.

“Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we’ve decided to provide an update for all versions of Windows XP (including embedded), today,” Adrienne Hall, general manager of Microsoft Trustworthy Computing, said in a blog post.

“We made this exception based on the proximity to the end of support for Windows XP. The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown. Unfortunately, this is a sign of the times and this is not to say we don’t take these reports seriously. We absolutely do.

“The security of our products is something we take incredibly seriously,” Hall said. “This means that when we saw the first reports about this vulnerability we said fix it, fix it fast, and fix it for all our customers.”

The vulnerability, which affects IE versions 6 to 11, is a remote code-execution vulnerability, meaning cyber attackers could create a Web page and persuade users to view that Web page or attachment, which then allows the attackers to execute code on a machine without the victim knowing about it.

The problem was first discovered by cybersecurity firm FireEye Friday evening, which found active attacks exploiting the vulnerability on IE 9 to 11.

Microsoft posted an advisory with tips on workarounds on Saturday.

On Monday, the U.S. and U.K. governments issued recommendations for people to either implement the workarounds or use alternative browsers.

Janet I. Tu: 206-464-2272 or jtu@seattletimes.com. On Twitter @janettu.



Want unlimited access to seattletimes.com? Subscribe now!

News where, when and how you want it

Email Icon

Where in the world are Seahawks fans?

Where in the world are Seahawks fans?

Put your marker on The Seattle Times interactive map and share your fan story.

Advertising

Advertising


Advertising
The Seattle Times

The door is closed, but it's not locked.

Take a minute to subscribe and continue to enjoy The Seattle Times for as little as 99 cents a week.

Subscription options ►

Already a subscriber?

We've got good news for you. Unlimited seattletimes.com content access is included with most subscriptions.

Subscriber login ►
The Seattle Times

To keep reading, you need a subscription upgrade.

We hope you have enjoyed your complimentary access. For unlimited seattletimes.com access, please upgrade your digital subscription.

Call customer service at 1.800.542.0820 for assistance with your upgrade or questions about your subscriber status.

The Seattle Times

To keep reading, you need a subscription.

We hope you have enjoyed your complimentary access. Subscribe now for unlimited access!

Subscription options ►

Already a subscriber?

We've got good news for you. Unlimited seattletimes.com content access is included with most subscriptions.

Activate Subscriber Account ►