Microsoft has reportedly fixed the infamous ‘zero-day exploit’ in Internet Explorer even for Windows XP which is no longer supported by the American company.
The bug allowed hackers to install malware on one’s computer without permission, and allowed hacker to steal user’s personal data, track online behavior, or gain control of the computer, CNET reported.
Microsoft on Wednesday initially said it would not provide the remedy to Windows XP users because it had stopped supporting the product. But on Thursday, as Microsoft started releasing the fix for the bug through its automated Windows Update system, a company spokeswoman said the remedy also would be pushed out to XP customers.
“We decided to fix it, fix it fast, and fix it for all our customers,” spokeswoman Adrienne Hall said on Microsoft’s official blog.
She said there had not been many attacks exploiting the vulnerability, which Microsoft decided to patch in XP “based on the proximity” to its recent end of support.
“There have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown,” she said in the blog.
At the end of last week, FireEye initially uncovered attacks involving recent versions of Windows that are still supported by Microsoft.
Then, three days ago, it began identifying attacks on Windows XP, which users would not necessarily have been able to thwart if Microsoft had not decided to roll out the update to XP users in addition to other customers.
FireEye said in a blog published on Thursday that it had observed new groups of hackers exploiting the vulnerability to attack targets in government and energy sectors, in addition to previously identified financial and defense industries.
Microsoft was under pressure to move quickly as the U.S., UK and German governments advised computer users on Monday to consider using alternatives to Microsoft’s Explorer browser until it released a fix.
Microsoft first had warned that it was planning to end support for Windows XP in 2007, but security firms estimated that 15 to 25 percent of the world’s personal computers still run on the version of the operating system that was released in October 2001.
Agencies/Canadajournal