Microsoft releases patch for Web browser's security flaw

Microsoft releases patch for Web browser's security flaw
PUBLISHED ONMay 04, 2014 10:30 PMByKenny Chee

It may be safe now to use Microsoft's Web browser Internet Explorer - earlier reported to have a serious security hole - after the software giant released a patch on Thursday.

Microsoft has released a fix for its newer Windows 7 and 8 operating systems, as well as for the older Windows XP even though the American firm had previously said it would not patch the 13-year-old Windows XP because it had discontinued support for it early last month.

"We made this exception based on the proximity to the end of support for Windows XP," said Ms Adrienne Hall, Microsoft's general manager for trustworthy computing, in a blog post.

It is just as well, because fresh attacks exploiting the bug have been found targeting a version of the Web browser in Windows XP, said cyber-security firm FireEye.

Previously, attacks targeted browsers in Windows 7 and 8.

Deemed so serious that the authorities from Singapore to the US have issued warnings, the security flaw allows hackers to take control of a person's computer if he uses Internet Explorer to visit a compromised website.

Microsoft's U-turn on patching Windows XP suggests the seriousness of the bug, said Ms Macky Cruz, the security focus lead at TrendLabs, the research and development unit of security firm Trend Micro.

But cyber-security experts said they are not holding their breath for Microsoft to keep doing so.

In Singapore, some 450,000 computers were still running on XP as of February.

"We are encouraging users to upgrade to the latest versions (of Windows). It will become more and more difficult for owners of computers running Windows XP to ensure their systems are safe," Ms Cruz said.

Computers that have automatic updates turned on in Windows would have already received the patch. Users who have not received the update can do so by opening the Windows control panel and clicking Check for Updates in the Windows Update section.

Internet Explorer users might want to make sure that they have these patches as soon as possible: FireEye said many new attacks are being carried out using the Internet Explorer bug.

Past attacks observed were aimed at organisations in the defence and finance sectors. But new ones have been found targeting those in the government and energy sectors, said FireEye.

kennyc@sph.com.sg

This article was published on May 3 in The Straits Times.

Get a copy of The Straits Times or go to straitstimes.com for more stories.

This website is best viewed using the latest versions of web browsers.