Despite Microsoft ending support for XP a month ago, Microsoft has announced that it has released an out-of-band patch to fix the zero-day flaw in Internet Explorer.
Dustin Childs, group manager of response communications at Microsoft Trustworthy Computing, said that it made the decision to issue the security update for Windows XP as even though it is no longer supported by Microsoft and it continues to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1, “customers are encouraged to upgrade to the latest version of Internet Explorer, IE 11.
“The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically. If you’re unsure if you have automatic updates, or you haven’t enabled Automatic Update, now is the time.”
Trey Ford, global security strategist at Rapid7, said: “Out of band updates are a big deal. Major vendors like Microsoft, Oracle, Adobe and others have highly-structured software testing workflows that are expensive in terms of time and resources.
“One thing particularly of interest is that Microsoft made the decision to issue this patch for Windows XP, which is no longer officially supported. I think this underscores the importance of this patch, and the priority with which it should be deployed. Corporate and private users should prioritise downloading (testing, where required by change controls) and deploying this patch.”