As of Thursday, May 1, Microsoft has issued a patch for Internet Explorer. It’s available through Windows Updates, and the good news is they’ve included Windowx XP in the fix. Please note, however, that XP is still otherwise unsupported, and an upgrade to Windows 7 or higher is still necessary.
If Windows Updates has not automatically downloaded the patch, go to the Start screen by clicking on the Windows logo in the left end of the toolbar, choose Control Panel, and click on Windows Update. That will tell you how many updates, the patch included, are available for download. You can do so from right there, and also check your Windows Update settings. If your computer is on all the time, you might want to set it so it automatically upcoming downloads and installs overnight; otherwise, set it to notify you so that you can do it when you want.
Here’s a link to Microsoft’s Security Bulletin.
The originally article follows:
If you’re viewing this in Microsoft’s Internet Explorer, pay attention: your computer is in danger of being hijacked. In an unprecedented warning, Microsoft is altering users of its popular Internet Explorer web browser, versions 6 through 11, of a major security flaw. It is taking the unusual step of actually asking users not to use the browser.
The flaw allows hackers to impersonate a trusted, familiar website in order to steal personal data and basically take over the computer. To do so, the hacker must first persuade the user to visit a carefully-crafted fake site through email, attachments, or instant messaging. Once in, the hacker can install malware, change or delete data, or even set up new accounts.
While it claims that targeted attacks using this exploit have been limited, the software giant took the highly unusual notification of the problem before a fix is available. This leaves users with the only option of switching to another browser, like Firefox. SWCP has long advised using other browsers than IE anyway. As the most popular browser in the world as well as one riddled with constant flaws that need patching, it is the most often attacked web-browser around.
No date when the patch will be available has been given or how it will be distributed. Until then, MS says that Windows Servers 2003, 2008, 2008 R2, 2012 and 2012 R2, are the only Windows products already safe from this flaw. Vulnerable browsers run on all other Microsoft machines of the past decade. Found in all browsers using version 6 and above, it primarily affects Vista, Windows 7 and 8.
This “zero day exploit”, which means an unknown, unpatched problem, is so serious it has prompted warnings from both the US Computer Emergency Readiness Team and the UK’s equivalent.
If unable to switch browsers, users are advised to disable IE’s Flash plug in. We’ll post a notification as soon as the fix becomes available.