In case you were not aware, May Day turned out to be a day of celebration for Microsoft (News - Alert) Internet Explorer (IE) users as the company provided a patch for an IE zero-day vulnerability that was disclosed a few days ago. If you are an IE user and for some reason do not have automatic updates turned on, visit the Microsoft Security TechCenter page for impacted software and steps you need to take.

Other valuable information on the update may be found at KB2964358. Note: Microsoft is advising that IE will crash if you install the update on a Windows 7 system which does not have KB2929437 installed.  Also note that if you use Windows Update you are good to go and don’t have to do anything other than reboot. Otherwise, follow the instructions in KB2964358. 

In short, the good news is that it is now OK to go surfing with IE again.

As Adrienne Hall, general manager, Microsoft Trustworthy Computing stated, "[T]he security of our products is something we take incredibly seriously. When we saw the first reports about this vulnerability we decided to fix it, fix it fast, and fix it for all our customers."

One interesting sidebar to all of this, and something that will likely be collateral benefit to Microsoft is that as part of the fix, it included the now end of life Windows XP as one of the platforms that could potentially be impacted by bad guys exploiting the vulnerability and users have who have not migrated off of XP will be protected by downloading the patch.

Security challenges that result from running older software that has not been updated, or just plain is too exposed for exploitation by those with malicious intent, has been a reason security professionals have repeatedly told users of all types that upgrades to newer software (and this includes Java so it is not just a Microsoft issue) is well-advised. It will be interesting to see in the coming months if this latest security issue is enough to chase stragglers off of XP. 


Edited by Stefania Viscusi