IE Zero Day Update: Microsoft Issues Emergency Patch, Even for XP

cve-2014-1776In response to the critical zero day vulnerability (CVE-2014-1776)  currently affecting Internet Explorer, versions 6-11, Microsoft has issued an emergency patch.

Users who have automatic updates from Microsoft enabled will receive the emergency patch automatically. This includes users running Windows XP, even though Microsoft cut support for the operating system on April 8th, 2014.

Microsoft’s announcement of the patch does not explain why they have chosen to issue it to an operating system they supposedly no longer support; however, reports from FireEye Labs indicate that there is currently a new variant of the attack actively and specifically exploiting the vulnerability on machines running Internet Explorer 8 with Windows XP.

Anyone running Emsisoft on Windows XP should know that we have chosen to support our software on the OS until at least April 2016. If you are still running XP, you should also know that this critical security vulnerability is likely only the first of many to come. For this reason, we recommend updating to a Microsoft supported OS as soon as possible.

Have a Great (Zero-Free) Day!