TORONTO – Microsoft has released a security update to fix the major vulnerability found in its Internet Explorer web browser over the weekend, which would have allowed hackers to gain access to users’ computers through malicious websites.
The fix for the security bug, which was present in Internet Explorer versions 6 to 11, went live Thursday.
The bug, announced over the weekend by cybersecurity software maker FireEye Inc, would have allowed a hacker to gain full control of a user’s computer by tricking them into visiting a malicious website designed to exploit the vulnerability – leaving the user’s personal data at risk.
The vulnerability was the first major security threat since Microsoft ended support for Windows XP users on April 8, leaving them without the security updates that are deployed to fix issues like this one.
But on Thursday, the company announced that the fix would be deployed to Windows XP users, despite previously saying it would not provide the fix to XP users.
“Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we’ve decided to provide an update for all versions of Windows XP today,” said company spokesperson Adrienne Hall in a blog post.
“We made this exception based on the proximity to the end of support for Windows XP.”
In the blog, Hall said that there have been a “very small number of attacks” based on this particular vulnerability, adding that concerns surrounding the bug were “overblown.”
“Unfortunately this is a sign of the times and this is not to say we don’t take these reports seriously. We absolutely do,” said Hall.
Yet, in its initial report FireEye said hackers had already exploited the bug in attacks against U.S.-based financial and defence companies; however the company did not elaborate on the nature of the attacks.
Then, on Thursday, FireEye reported that it had identified attacks on Windows XP machines running Internet Explorer 8.
Despite issuing the fix to Windows XP users, Microsoft still encourages users to switch from XP to a newer version of Windows.
Windows users will be able to install the security update right away.
If you have automatic updates turned on, the update will be installed right away. Those who do not use automatic updates can click the “Check for Updates” button on the Windows Update section in the Control Panel.
For added protection, when using IE users can turn on “Enhanced Protected Mode,” an add-on that protects users’ data in the event of a security breach. To be extra secure, you can also install anti-malware software and deploy firewalls.
© Shaw Media, 2014