Microsoft issues security patch for Internet Explorer

internet explorer

Microsoft is issuing a fix for the "zero-day" vulnerability found in Internet Explorer last week. The update should be rolling out to all users any time now. In addition to updating Internet Explorer, Microsoft is also providing a fix for Windows XP, despite the fact that the operating system is no longer officially supported. The fix was issued because support for XP ended recently.

While they are updating XP with a fix for this issue, Microsoft says that they really don't have the ability to protect customers using an operating system that's more than a decade old at this point. They are encouraging users of Windows XP to upgrade to a more modern system such as Windows 7 or Windows 8.1. Microsoft also says that current Windows 7 users should upgrade to Internet Explorer 11.

Source: Microsoft


Reader comments

Microsoft issues security patch for Internet Explorer


In this context, a comment is a statement or statements relative to either the article or someone else's comment. Since you were first, you could not have commented about someone else's comment. And since you didn't address the article, but simply made a statement, you still have not been the first one to comment. Sorry, Bro.

That was one heck of a way to own someone. And funny too...but its still the first post sitting on inline "1"

Its probably the exact same fix being applied to other versions and costs them nothing to release. The fix should also force all IE installs to a more current version.

>The fix should also force all IE installs to a more current version.


... which would break thousands of (admittedly lame) vended applications running in large companies around the world. You'd be surprised how many web-based apps will not work properly on anything newer than IE 9. It's crazy.

Amen to that! Our company would not be able to function on IE 11. Our document management software just flat doesn't like it.

Let's put it this way, the exploit was there long before Microsoft stopped to support XP, and I don't really think by punishing XP users anyone will benefit from it. When they are ready and really care for their data and privacy they will eventually upgrade.

Yea...plus I think that since they are supporting so many XP users like countless government agencies that they kinda had to develop the fix any ways or either like some one else said that it was probably the same code base...either way it would have been bad press for MS to ditch XP users like that.

Not that you guys have a language academy to watch out and care about new additions to the corpus like we do have in Spanish. In English, you can literally make up whatever word you want and as long as it doesn't already exist and its meaning can be easily grasped, everything it's alright. If it gets popularity, you're most likely to see it added to the next edition of the Oxford dictionary in a year or so. LOL!

Pretty sure this has nothing to do with being a fan boy. But I guess since you obviously know me better than me, I am probably wrong about that.

I guess @ least 5.5 & 6 aren't being patched anymore anyone using those versions are asking for their computers to be infected(that is if there is any malicious software/sites that still target these versions)

A guided chunk of users are from big businesses that have too many computers and not enough time. Let Microsoft be the good parent here for a bit longer, but still warn that there's problems that will arise.

Same argument could be used for almost any tech (Wp vs iPhone) , but people still defy logic everyday.

My point: All the governments employees around the world still using XP and are forced to use IE for work.

Some of these governments have paid for extended support, but not all of them.

Are you asking why someone that is still using XP might use a "stone age" version of a browser? 


I think it's actually pretty likely that someone running stone age XP would also be using stone age IE along with other stone age software.

They're using XP because they can't upgrade because it's not free while a browser is free to upgrade so I don't see your point.

Unless you forgot that some institutions are strictly forbid their employee to install any apps on their workstation (with the exception with apps that provided by the company itself). This, also including browsers. I still remember the headache when working on some project and found out that the client will only use IE and only IE (no other browser is installed). And to make it worst, it's IE6 that came along with XP. How suck is that?

Well in some areas older computers are used more than new ones.meaning funds may be an issue thus making upgrading an issue. Forcing things isn't always sound. The IE issue needed to be addressed.funny how the media is all loud about this issue, but if it was an IOS thing it would be shhhh say it softly.

Glad to see the fix was applied fairly swiftly :) I wonder if the security patch is going to give people some false hope of XP still being supported

Good Guy MS,if this was Google issuing a patch XP users would have been shown the middle finger just like the Android 4.1.1 users vulnerable to heart bleed bug

I can go back to IE now, thank god. I thought I would try Firefox and Opera again after years of not using them. The things that I didnt like was that neither browser keeps the zoom level for every web page that I visit. Firefoxes bookmarking sucks. I cant figure out how to pin sites to the bookmark tab or to the toolbar. I also couldnt figure out how to change Googles search bar on Operas home page to Bing. The rest of the search preferences changed to Bing, except for the home page search bar. I will miss the add ons for Firefox though.

I have tried and tried to like Bing. It is sh*t though (I'm in the UK).
I am persisting with it...but only because I really don't like Google.
My grievances though - searches aren't remotely local. I search for BBC News - I get bbc.com as my first search result. That is the commercial website for the BBC that is available to everyone outside the UK. I should be getting bbc.co.uk.
Other issues - no auto web page translation. No dedicated 'news' tab. No google shopping equivalent...
It just doesn't seem to deliver relevant searches.

I would actually take a guess and say that most internet searches for the BBC aren't local, to the UK. If the algorithm pulled up most popular relevant searches, they would probably be for their external (.com) site. Not sure how many people they are in the UK, at the moment, but there are 380-odd million, in America, and the BBC, it's wildly popular here too. If a fraction of Americans search for BBC content online it could upvote the .com site. I searched for an entire day for a way to stream Misfits, for free, before I just shucked out to Hulu. Damn you BBC 4!!!!!!

You may well be right. But Google does localise the searches. In fact, until I switched to Bing, I didn't even realise there was a bbc.com!!
Bing may be great in the US...but it is a poor substitute elsewhere (and I really wish it wasn't!)

Until they get some decent browser extenstions and sync across machines, I can't go back to Opera.  The whole browser seems like it took a step back once it switched to webkit.

Ada lubang di Internet Explorer katanya.....
Should immediately update to Internet Explorer... Is it true there are issues that have not been patched holes...

Don't worry MS windows 9 will be a hit operating system like 98,XP and 7. Your every alternate operating system is always a hit.

Nice one... :) Let's hope. BTW, 95 and 98 were both hits I guess, despite being consecutive.

I gave this statement bcoz out of 42% XP users only 2% of ppl have upgraded their windows. Such miser motherfuckers. I guess OEMs have to cut down their costs on laptops for more. If more discounts are there on those shot droid tablets y not for pcs then.

I would venture a guess that more than half of XP users are using pirated versions.  It is much harder to outright pirate Vista/7/8, although things like enterprise licenses work.

This flaw was exploitable in Firefox and Chrome as well, and exploitable on Linux and MacOS X. Hopefully Microsoft isn't the only one patching things.

Then why were governments saying not to use IE and switch to (evil) Chrome or Firefox instead?

No idea what the government has in it, but Kaspersky says:

"While the exploit Kaspersky observed attacked only computers running Microsoft Windows, the underlying flaw, which is formally categorized as CVE-2014-1776 and resides in a Flash component known as the Pixel Bender, is present in the Adobe application built for OS X and Linux machines as well. Adobe has updated all three versions to plug the hole. Because security holes frequently become much more widely exploited in the hours or days after they are disclosed, people on all three platforms should update as soon as possible. People using IE 10 and 11 on Windowws 8 will receive the update automatically, as will users of Google's Chrome browser. It can sometimes take hours for the automatic updates to arrive. Those who are truly cautious should consider manually installing them. Windows users with Firefox installed must run a separate update for both IE and the Mozilla browser."

Exactly.  Only IE was mentioned for this exploit, and go figure, since it's crazy trendy over the past few years for everyone to hate IE.

I still am not able to update my 8.1 with the update one...nothing works...i tried everything including that command promt commands. I have given up on this now

I had the same trouble, in the end I system restored to couple of days before and reinstalled the updates that came before and it seemed to sort it.
Have you tried downloading the files that make the updates directly from MS's website?

Yes, I tried installing standalone updates from Microsoft website...it wont work. I think I will try restoring. Thanks

It's funny how the vulnerability was all over the tech press as soon as it was annouced, minutes hadn't passed.

Now, there's a patch and nearly an hour later, only the MS friendly sites have any news up.

That has nothing to do with an anti-Microsoft bias many tech sites sport, if that's what you were alluding to. It's the same reason why you never see good news on TV. Bad news catches people's attention, good news doesn't.

Really? I watch how bloomberg west, the tech show spent fifteen minutes on the issue, but today it was not even mention in the briefing at the beginning of the show. You are naive if you think there is not a bias.
Two example
They talking about google fibre and they said the only other company that could do that is anazon or apple. Yet apple use azure and bing for backend. Msft missed the internet, yet msft has the third highest unique monthly visitors.

They talk about mobile payment and mention that apple and google are dominate. Google wallet is huge failure and apple does not even have mobile payment. I could go on and on. The media is very bais.

Posted via the WPC App for Android!

I'm not saying there's no bias towards Microsoft, as there obviously is on many sites, but I'm saying that I dont think this wasn't reported on as quickly as when the vulnerability came to light because there's less of a interest. Please reread my comment. Either way, I dont know what hysonmb is talking about. I've seen this fix reported on by many tech news outlets already.

Oh, there's plenty of bias, everywhere, including developers who purposely skip out on coding for IE, and countless meme's.

I'm talking about this specific case, did you even read my comment? I know there's bias, people just exaggerate it way too much. WPC is just as biased as many major tech sites, maybe even more so, just in the opposite direction.

What's funny is that Ars and Kaspersky are the only sites I have seen mention that Chrome and Firefox are vulnerable, as are Linux and OS X.

Is IE in Windows Phone 8.1 affected by this vulnerability? If so, any clue as to when that will be patched?

It is a Flash vulnerability, not even IE specific.  WP doesn't have Flash support, so it is not vulnerable.

What irritates me is how the IE thing became a news story, but the media hardly made a mention about the update Apple published recently to fix a major security flaw. Nice bias.

Apple and google are gods and msft is the devil. Like gmail has plenty more users than outlook yet they neck and neck. And everyone uses chrome and no one uses ie, yet ie has three monthly unique visitors. And hamgout is far more popular than skype yet no one beyonnd tech nerds knows about skype and its skype you sed on news channel all day.

And google docs is far more popular than office365 is a 2.5 billion business with profit. That is on twitter level. And google apps don't get even a mention on any google earning report. And on and on.

Posted via the WPC App for Android!

And that's the main reason google is worst in giving security. And ur wrong about hangouts when comparing Skype. Office 365 for corporates for popular and acceptable then google docs. Microsoft as u know targets corporate customers more with their softwares except windows operating system. Google is based and linked by internet advt campaign and targets public not the corporate customers at all.

By the way, are they even able to update IE for WP separately as an app? Or are we stuck with the current one until next major OS version?

This must have been a PR marketing nightmare for them.. IE already had to deal with somewhat of a bad name against Chrome and others. I'm not sure what it was like in other countries but here in Australia we had local radio and TV news reports headlining "stop using Internet Explorer..." which is pretty full on for an average consumer to hear.
Am glad that a fix has been made and issued and hope it doesn't damage IE market share.

"Microsoft says that they really don't have the ability to protect customers..."

Oh please, that's just BS. It should had been worded as "Microsoft says they won't be willing to proctect customers using an operating system that's more than a decade old at this point." If the NSA is capable of collecting data from offline computers, sure Microsoft is capable of even supporting DOS!

Lol, wut? What in the hell do NSA information gathering and DOS have to do with each other? Totally stupid analogy.

I never compared the NSA to DOS, those are quite stupid reading skills you got there mate. I said if the NSA is capable of gathering data from offline computers (thinking it seems quite imposible), Microsoft would be able to support even its oldest operating system based on the article that says "Microsoft doesn't have the ability to protect customers using [XP]"

Read again before you let your fingers go wild.

Bad move, Microsoft. Cut the damn apron strings already. Otherwise it gives the impression that you're indecisive and lack conviction, which in turn gives consumers a lack of confidence in and respect for you. Say what you mean and mean what you say