
XP Systems Getting Emergency IE Zero Day Patch

Posted by timothy
from the patches-galore dept.
msm1267 (2804139) writes "Microsoft announced it will release an out-of-band security update today to patch a zero-day vulnerability in Internet Explorer, and that the patch will also be made available for Windows XP machines through Automatic Update. At the same time, researchers said they are now seeing attacks specifically targeting XP users.

Microsoft no longer supports XP as of April 8, and that includes the development and availability of security updates. But the about-face today speaks to the seriousness of the vulnerability, which is being exploited in limited targeted attacks, Microsoft said. Researchers at FireEye, meanwhile, said multiple attackers are now using the exploit against XP machines, prompting the inclusion of XP systems in the patch."

  • WTF (Score:1, Interesting)

    by Anonymous Coward

    Patching a dead OS just confuses users. No, really, this OS is dead except sometimes.

    • Re:WTF (Score:5, Funny)

      by viperidaenz (2515578) on Thursday May 01, 2014 @02:19PM (#46892449)

      I know right, like recalling cars out of warranty.

      • by Ravaldy (2621787)

        Good luck getting a 15 year warranty on your car.

        • by wcrowe (94389)

          The auto manufacturer is responsible for safety recalls for a very long time, if not forever. I've gotten safety recalls for cars that I haven't owned in years and that are way past the warranty period. I was the last known owner, so I got the letter.

          This kind of thing is very much like a safety recall for cars, except it is for an operating system.

          • Same here, I had a recall for my 2002 Ford Ranger a few years ago. I haven't owned that truck since 2007.
            The recall had something to do with an ignition switch catching fire...even when the vehicle was not in use. Last I checked I don't think anyone's comp was at risk of bursting into flames due to a security patch not being installed.
            Car comparisons won't work on this because if cars aren't recalled for dangerous flaws, owners and other people are in danger of injury or death. The only way my computer
          • by drinkypoo (153816)

            The auto manufacturer is responsible for safety recalls for a very long time, if not forever.

            They're responsible for ten years from the date the recall is issued, unless it's a seatbelt or maybe airbag recall. I believe seatbelt recalls are forever, not sure about airbag recalls but I'd bet the same way on them.

            • by Ravaldy (2621787)

              We have an ex-Chrysler employee working at my office and he had a small involvement in recalls. He said the automakers are forced to honor vehicles up to 8 years of age but it may differ from one country to another. Past this, they can choose to honor the recalls but in many cases it will be at your expense.

        • Good luck getting a 15 year warranty on your car.

          Back when I was younger, and living on student income, I had warranty work done on a car when it was 14 years old.

          • by Ravaldy (2621787)

            I need to know the name of the car company because that just doesn't happen today. It's not a sustainable model for any company.

            And again, they probably weren't obligated to do it. The government only holds them responsible for the cost of the repair until the vehicle is 8 years of age.

    • by Torodung (31985)

      Windows XP: Zombie Edition lives! IT'S ALIVE!

      Either that or it's only "mostly dead" and MS is giving it a miracle pill.

      • Either that or it's only "mostly dead" and MS is giving it a miracle pill.

        Shortly before this patch was issued, Windows XP distinctly said "The blaaaaaayth!"

  • 1) Stockpile exploits for Windows XP until after Microsoft no longer releases updates for it.
    2) Hack XP users.
    3) Profit!

    • Re: (Score:2, Insightful)

      by Teresita (982888)
      But the about-face today speaks to the seriousness of the vulnerability...

      No, it speaks to the seriousness of letting 30% of the PC user base twist in the wind, and start thinking about 2020 when the same thing will happen to 7, and maybe start browsing the Apple stores.
      • Re: (Score:2, Informative)

        by Anonymous Coward

        Soo... Apple is still releasing patches for OSX v10.1 "Puma", which came out the same time as XP originally... or is it that the OS X v10.5.8, the last supported OS by many of the machines from that time period (and came out between XP SP2 and SP3, to put things in perspective), is still getting security updates? Because the answer is no and no.

        In fact, the oldest OSX which is still getting security updates (Lion) was released not quite three years ago. Great.

      • Re:That's smart (Score:5, Informative)

        by Himmy32 (650060) on Thursday May 01, 2014 @03:01PM (#46893021)
        Apple isn't even releasing updates for Snow Leopard from 5 years ago. Which 20% of their user base is on...

        Reality distortion field on.
  • by Lumpio- (986581)
    "XP support is over" my ass.
    • by rujasu (3450319) on Thursday May 01, 2014 @02:28PM (#46892557)

      Yes, how dare they provide support for a large percentage of their userbase, rather than try to force their users to pay them more money for the latest version! Those bastards!

      Seriously, I get that XP is old and there are real disadvantages to its continued use, but it's amazing to me that we've actually reached the point where MS is getting flack for not adhering strongly enough to planned obsolescence. Like, we want them to be greedier now and stop providing free updates? I'd like to believe that they'll continue supporting Win7 for quite some time. I don't particularly like the idea of forced paid upgrades, or the "subscription Windows" that everyone seems to think is coming.

      I'd love it if people would start moving off of XP and onto modern OS'es, but that's not going to happen right away regardless of what MS does, and I'm not going to knock them for supporting their product long-term.

      • by Ravaldy (2621787)

        I agree with you. I don't know one XP user that would pay for a subscription. MS is a business and for some reason the expectation is that they should continue supporting the product at no charge. Yet we don't have that expectation of anything else in life. The software world always gets shafted.

        I had customers contacting me regarding a 10 year old project with a bug recently discovered. I sent them a quote to fix the issue and they asked me why I was charging to fix the software. They also told me they exp

      • by Grishnakh (216268)

        Why should they continue to spend money to support an ancient OS that no one is buying any more? They're not receiving any new revenue for it, so why should they continue to support it? Who would expect any company to continue to support obsolete products a decade or more after they were sold, without some kind of service contract? In most places, a 1 or 2-year warranty is all you can expect.

        I'd rather see them stop supporting XP at all, for anyone. If people don't like that, they should switch to somet

        • by DogDude (805747) on Thursday May 01, 2014 @03:04PM (#46893053) Homepage
          They're not receiving any new revenue for it, so why should they continue to support it?

          Because they're acting as a responsible corporate entity, maybe? It must be shocking to Apple users to see something like this, but Microsoft has actually been a relatively responsible, responsive company for a long time, now.
        • by DigitAl56K (805623) on Thursday May 01, 2014 @04:31PM (#46894031)

          Why should they continue to spend money to support an ancient OS that no one is buying any more? They're not receiving any new revenue for it, so why should they continue to support it?

          They are absolutely receiving revenue for it, just not directly. These users are part of the Windows total addressable market. Developers choosing to write applications and looking at which platform to choose look at this number. 30% of the Windows userbase comes from XP. If Microsoft upsets these users by letting rampant malware trash their systems, a chunk of these people may switch to e.g. Apple. Oops! Now we have more cross platform or Apple-native apps being developed because there are more users there. Microsoft does not want this to happen.

          • by Grishnakh (216268)

            I don't think XP users are buying applications at this stage. They're just using their old computer for web-browsing and email at this point.

            • Windows users rarely buy applications in general. They use freeware and open source ones, and play games. Some will get a pirated version of Photoshop or stuff like Reason and Ableton Live.

        • Why should they continue to spend money to support an ancient OS that no one is buying any more?

          ...because this is the exact same patch that they're already contractually obligated to release for Windows 2003 (which won't EOL until next July)?

      • by fustakrakich (1673220) on Thursday May 01, 2014 @02:47PM (#46892827) Journal

        They should support it as long as they hold copyright on it. When the support ends, it should be put in the public domain.

        • Re: (Score:2, Funny)

          by Anonymous Coward

          They should support it as long as they hold copyright on it. When the support ends, it should be put in the public domain.

          And I want a pony.

        • by mpe (36238)
          They should support it as long as they hold copyright on it. When the support ends, it should be put in the public domain.

          About the only way this could work would be if Microsoft lobbied (and got) sane copyright terms into law.
          The obvious related issues are that some parts of Win XP may exist in other Microsoft products. Microsoft may not actually be the copyright holder for all of XP. Some bits they may have licenced, other bits they may have "pirated". (Piracy within proprietary software, even of OSS, d
      • by steelfood (895457)

        It's one thing to stop feature updates. That happened once Vista came out. But security updates? That's like knowing that your product is certain to cause property damage after a certain amount of use but still keeping it out in the wild. With non-software, there'd be mass mandatory recalls. At least with software, it's a matter of putting out an update.

        And yes, severe security vulnerabilities are a defect in the product and zombies do cause monetary property damage albeit a very small amount individually.

      • "it's amazing to me that we've actually reached the point where MS is getting flack for not adhering strongly enough to planned obsolescence"

        After painstakingly upgrading the entire office to Windows 7 over the last few years, recommending to all friends, family and clients that they NEED to upgrade, I am somewhat conflicted.

        Firstly, Microsoft is making me look like a lying dick. When I heard about this IE vulnerability, I thought "awesome! now everyone that hummed hawed and complained at me for forcing upgr

        • Firstly, Microsoft is making me look like a lying dick. When I heard about this IE vulnerability, I thought "awesome! now everyone that hummed hawed and complained at me for forcing upgrades will be apologizing!". So I am pretty pissed off that they now go back on their word and still support XP making me look like I didn't know what I was talking about.

          That's okay. Your friends and family won't hear of that flaw and patch unless they read Slashdot or other tech websites.
          There's also a pretty much untold story. Google Chrome and maybe Firefox and some other stuff support XP for an additional year. Microsoft does support a version of XP for one more year too! It's called Windows Server 2003, with final EOL on July 14th, 2015. It is not strictly XP but is rather close.

    • by mcrbids (148650)

      I don't understand why a spine is necessary. If the market is crying out for XP, why not just simply migrate XP to an annual license of $20 and let people keep their beloved 512 MB P IVs going for as long as their bits keep shuffling?

      Microsoft had an awesome opportunity with WinXP and they just threw it away...

      • by Lumpio- (986581)
        Because as long as XP exists, Microsoft isn't the only one that will be forced to support it. Old software has to eventually die to drop some of the backwards compatibility burden and make way for progress.
  • The irony? (Score:3, Funny)

    by Culture20 (968837) on Thursday May 01, 2014 @02:41PM (#46892743)
    XP updates are initiated via IE.
    • by Anonymous Coward

      Hello, Alanis. Still don't know what irony is, eh.

    • by antdude (79039)

      Is IE still used to download and install through Automatic Updates?

    • Re: (Score:2, Informative)

      No, you can only enable Automatic Updates and wait for them to get pushed down. The Windows Update site has not worked on XP for a couple years now, although I can't remember when it officially happened. It's the same with Windows Server 2003...

      • by drinkypoo (153816)

        The Windows Update site has not worked on XP for a couple years now

        It works on some of my installs, and not on others. My working theory is that windows installs sometimes get owned during install while doing some kind of autoupdate :)

    • by timeOday (582209)
      Why does that matter? Unless the Microsoft update site hosts the exploit?
  • by 93 Escort Wagon (326346) on Thursday May 01, 2014 @03:03PM (#46893039)

    At least switch to a non-Microsoft browser and email client - something that'll continue to get updated like Firefox, Chrome, Thunderbird, etc.

    • by maz2331 (1104901)

      Except, of course, that some business-critical sites will ONLY work with IE. It sucks, but until the vendors fix them, it is what it is.

      • Vendors?! You mean like a dev team that built an old Intranet site? The same dev team that long disbanded and a copy that doesn't have a migration path to a new platform? Yea, that company is pretty much fucked with their ass hanging in the breeze.

  • by sirwired (27582) on Thursday May 01, 2014 @05:23PM (#46894615)

    I thought Slashdot was supposed to be a geek site. It's an "out-of-cycle" patch, not an "out-of-band" one, although I assume it could be delivered out-of-band if you really wanted to (USB stick, CD, whatever.) Most users will certainly be receiving the patch in-band.

    Submitters are allowed to be ignorant and make stupid mistakes; it's the job of the editors to correct those mistakes before posting a story.

  • Support is not over, I believe I read that the UK government is paying in excess of 55 million or more for XP support and then the Dutch government is doing the same. If Microsoft is being paid by multiple government entities to continue to provide patches and updates for XP why not give the general public the benefit of those patches as well? I realize that the most likely answer to that is why should they when what they want is everyone still using XP to go out and buy a shiny new Windows 8/8.1 PC. But at

  • The exploit has been known -- to SOMEONE -- for a while. So why did it come out of inventory all of a sudden right now? Afraid that too many valuable targets would switch off XP or install new protection? Hardly likely that XP users will really switch this year. And where did it come from anyway? Transmitted from secret MS operatives to the bad guys? NSA wants to scare people into switching? Stupid bad guys just decided to use it while it was still fresh? There are many conspiracy theory variants on t

  • I guess people would object less to giving up Windows XP if the plain old simple GUI was still an option. Not just "Classic" UI in Windows 7: that one is crippled with the colour themes removed, it is absent from Windows 8.x, the task bar has to be tweaked and feels maybe not 100% the same (I want "show desktop" on the left, not the right). Most of all, if you go that way you have that ugly ass file manager. It's ugly and wastes space.

    I used a 3rd party file manager, but it was not integrated (start menu,

    • Most of all, if you go that way you have that ugly ass file manager. It's ugly and wastes space.

      Click the little arrow on the top right corner of the window. It allows you to hide the Ribbon menu (after that it will be temporarily shown when you open the subsections). From the View subsection you can also hide the side pane to make it even more compact.

  • Microsoft no longer supports XP

    Why do people keep saying this? It's simply untrue.

    Microsoft do still support XP. The real change that has happened is that Microsoft have gone from providing free support to charging a lot of money for the same support. That's all.
