Microsoft issues fix for major Internet Explorer bug
BY JULIANNE PEPITONE, NBC News
(NBC News) - Microsoft issued a security patch at Thursday afternoon to fix a serious bug in Internet Explorer, the company said in a blog post.
Customers who have automatic updates enabled won't need to take any action, but Microsoft encouraged users without that service "to apply this update as quickly as possible."
Microsoft also decided to issue a fix for Windows XP users, even though the company dropped support of that operating system earlier this month.
The patch comes just a few days after security company FireEye revealed the flaw -- which affected Internet Explorer versions 6 through 11-- in a post on last Friday.
Microsoft followed up with its own "security advisory" on Saturday, in which the company warned hackers had already used the flaw to launch "limited, targeted attacks."
As with many attacks, hackers can start with methods like convincing users to click on fake websites, Microsoft explained. From there, the glitch could allow attackers to run malicious software on the user's computer -- and even gain the same level of access to the computer as the real user.
Microsoft's patch on Thursday fixes that problem. In its post, Microsoft reiterated that users should upgrade to Windows 7 or 8.1, and to the latest version of Internet Explorer, IE 11.
“The security of our products is something we take incredibly seriously," Adrienne Hall, the general manager of Microsoft's trustworthy computing division, said in a blog post on Thursday. "When we saw the first reports about this vulnerability we decided to fix it, fix it fast, and fix it for all our customers."
Before that fix came in, even the Department of Homeland Security weighed in with an advisory on Monday, calling on users to run alternative web browsers in the interim.
But Hall said in her post that the "concerns were, frankly, overblown. Unfortunately this is a sign of the times and this is not to say we don’t take these reports seriously."