Microsoft rescues XP users with emergency browser fix

BOSTON Thu May 1, 2014 2:04pm EDT

Microsoft Corp's Windows XP software products are displayed at a shop in Seoul November 8, 2004. REUTERS/You Sung-Ho

Microsoft Corp's Windows XP software products are displayed at a shop in Seoul November 8, 2004.

Credit: Reuters/You Sung-Ho

Related Topics

BOSTON (Reuters) - Microsoft is helping the estimated hundreds of millions of customers still running Windows XP, which it stopped supporting earlier this month, by providing an emergency update to fix a critical bug in its Internet Explorer browser.

Microsoft Corp rushed to create the fix after learning of the bug in the operating system over the weekend when cybersecurity firm FireEye Inc warned that a sophisticated group of hackers had exploited the bug to launch attacks in a campaign dubbed "Operation Clandestine Fox.

It was the first high-profile threat to emerge after Microsoft stopped providing support to its 13-year-old XP operating software on April 8.

Microsoft on Wednesday initially said it would not provide the remedy to Windows XP users because it had stopped supporting the product. But on Thursday, as Microsoft started releasing the fix for the bug through its automated Windows Update system, a company spokeswoman said the remedy also would be pushed out to XP customers.

"We decided to fix it, fix it fast, and fix it for all our customers," spokeswoman Adrienne Hall said on Microsoft's official blog.

She said there had not been many attacks exploiting the vulnerability, which Microsoft decided to patch in XP "based on the proximity" to its recent end of support.

"There have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown," she said in the blog.

At the end of last week, FireEye initially uncovered attacks involving recent versions of Windows that are still supported by Microsoft.

Then, three days ago, it began identifying attacks on Windows XP, which users would not necessarily have been able to thwart if Microsoft had not decided to roll out the update to XP users in addition to other customers.

FireEye said in a blog published on Thursday that it had observed new groups of hackers exploiting the vulnerability to attack targets in government and energy sectors, in addition to previously identified financial and defense industries.

Microsoft was under pressure to move quickly as the U.S., UK and German governments advised computer users on Monday to consider using alternatives to Microsoft's Explorer browser until it released a fix.

Microsoft first had warned that it was planning to end support for Windows XP in 2007, but security firms estimated that 15 to 25 percent of the world's personal computers still run on the version of the operating system that was released in October 2001.

(Reporting by Jim Finkle; Editing by Jeffrey Benkoe and Leslie Adler)

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see
Comments (12)
jbeech wrote:
Do you know why we still have computers on our network with Windows XP? Simple, it’s because the users don’t want to learn to use something different. Why not? It’s because they’re busy working and taking time to look for where Microsoft decided to hide the icon for the print drivers, or some other unnecessary cosmetic change Microsoft feels users should learn to re-use is a non-starter with them.

In short, get with it Microsoft and stop trying to play ‘father knows best’. In short, leave the choice of interface up to the user! Sure, if you want to offer Metro, fine . . . but make it for users happy with the look of XP to select it when they install an OS. What’s so hard about this?

I just don’t get why Microsoft doesn’t offer us a Windows 8 experience, which looks exactly like Windows XP. I know we would immediately upgrade all our XP computers – no question.

May 01, 2014 1:15pm EDT  --  Report as abuse
PS99 wrote:
A day late and an hour short- a PUBLIC RELATIONS DISASTER!
After Microsoft’s initial ‘no support’ response to the IE threat, I moved on to Google, not only on XP computers but also my personal and company post-XP windows computers…

May 01, 2014 1:25pm EDT  --  Report as abuse
stuffington wrote:
jbeech: That’s your choice to have a security risk at your office. Windows 7 did not change that much from Windows XP. I agree if you are jumping from XP to 8 then you have a point but there’s no need to do that. Hop on 7 for another 8-10 years and worry about Windows 9 or Windows X by then.

May 01, 2014 1:47pm EDT  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.