Calls news coverage of IE vulnerability ‘overblown,’ but patches IE6, IE7 and IE8 on XP anyway
May 1, 2014
Microsoft today shipped an emergency update for Internet Explorer to close a hole that hackers had already been exploiting.
But in an unexpected move, Microsoft allowed Windows XP machines to receive the update, even though it had long held that the 13-year-old operating system had absolutely, positively retired on April 8.
“I’m surprised they went out-of-band at all,” said Andrew Storms, director of DevOps at security company CloudPassage, using the term for an emergency update outside the normal monthly patch cycle Microsoft maintains. “While there was a lot of talk about this zero-day, it was mainly focused on the XP angle.”