Microsoft makes a "one time" fix to IE for XP users
Sunday, May 4, 2014 at 7:37PM Microsoft on May 1, 2014 shipped an emergency update for Internet Explorer to close a hole that hackers had already been exploiting.
But in an unexpected move, Microsoft allowed Windows XP machines to receive the update, even though it had long held that the 13-year-old operating system had absolutely, positively retired on April 8.
"I'm surprised they went out-of-band at all," said Andrew Storms, director of DevOps at security company CloudPassage, using the term for an emergency update outside the normal monthly patch cycle Microsoft maintains. "While there was a lot of talk about this zero-day, it was mainly focused on the XP angle."
In fact, today's turnabout was bigger news than the security update itself, something Microsoft tacitly acknowledged by posting a long blog post that dealt not with the patch or the vulnerability, but with its decision to give XP customers a break.
In that blog, Adrienne Hall, a general manager in Microsoft's Trustworthy Computing group, made plain that today's release was the exception, not the rule, going forward. "We made this exception based on the proximity to the end of support for Windows XP," Hall wrote.
Microsoft dropped XP from its support list three weeks ago.
Reader Comments