Microsoft releases security patch for zero-day Internet Explorer vulnerability

Despite support having recently ended, the patch also covers computers running Windows XP, including embedded versions.

The recently discovered bug could have, in theory, allowed for malicious code to be remotely-executed. It was initially thought to have affected computers running IE9 through to IE11, but the bug exists as far back as Internet Explorer 6.

The term “zero-day” refers to the amount of time between when the exploit is first discovered, and the first attack, so these type of bugs are usually patched as quickly as humanly possible. In this case, Microsoft released its updates at 10am PST today.

This bug allows for a malicious third-party to corrupt data held in memory, and then could allow them to execute code on the compromised system. From there on, the world is their oyster, so to speak. In theory, at least, the exploit would allow the hacker access to the system at the same level as the logged in user, and as most people use Windows as administrators, that’s very bad.

Despite Microsoft having only just ended support for XP, the aging operating system will still get access to this patch through the Windows Update system. Microsoft says that people should still upgrade to a more modern operating system as soon as possible, but because of the proximity to the end of XP support, the firm is releasing this update. It does go on to say that reports of the possible damage are “overblown” and that there have been “very few” attacks using the vulnerability.

Perhaps most staggering of all is that XP still makes up 26 per cent of installed operating systems. Windows 8.1, in contrast, has just 5 per cent market share. That, is perhaps one of the other reasons that Microsoft has decided to patch the older operating system.

Read more: XP support ends today UK government pays for extension