In a major turn of events in the Internet security world, Microsoft says it will patch a high-profile vulnerability in Internet Explorer on versions of Windows including Windows XP, despite recently ending support for XP and saying it would no longer issue security patches for the aging operating system.
Plans for the emergency security patch were announced by the company a short time ago. It’s an “out of band” release, coming separate from the company’s normal monthly cycle of security updates.
The patch will be released later this morning, available via the Automatic Updates mechanism in Windows. Underscoring the severity of the vulnerability, the company encouraged those with manual updates to install the patch immediately.
The company had previously indicated that it wouldn’t release the patch for Windows XP. With the official end of support, Microsoft is trying to get Windows XP user to upgrade to new machines, moving on from a version of the operating system that was originally released in 2001.
About 25 percent of the world’s computers are still running Windows XP. The Internet Explorer vulnerability was severe enough to prompt the U.S. Computer Emergency Readiness Team to advise users to seriously consider using alternative browsers.
While relenting on the Windows XP issue in this case, Microsoft made it clear that this situation is an exception.
“We have made the decision to issue a security update for Windows XP users,” said Dustin Childs of Microsoft’s Security Response Center, in the post announcing the patch this morning.
He continued, “Windows XP is no longer supported by Microsoft, and we continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1. Additionally, customers are encouraged to upgrade to the latest version of Internet Explorer, IE 11.”