Microsoft released a security update for its Internet Explorer browser Thursday to fix a bug that allowed hackers to take over a computer.
The tech company said it will be releasing a similar update for Windows XP, even though it dropped support for the 12-year-old operating system last month. Users who have automatic updates enabled should not have to take any action, Microsoft said.
Microsoft first notified users about the bug, which affects those using IE versions 6 through 11, over the weekend. Hackers could exploit the bug to trick users into opening an infected link or file attachment. Cybersecurity firm FireEye has said that about a quarter of Internet users around the world were potentially affected by the bug.
In an advisory posted to its Security TechCenter, Microsoft acknowledged it was aware of " limited, targeted attacks that attempt to exploit" the bug. The U.S. Department of Homeland Security issued a rare warning about the security flaw Monday, recommending that users apply Microsoft's mitigation toolkit or try another Web browser until the problem was fixed.
This latest update is considered "out of band" -- meaning it was outside the typical update cycle. "To interrupt a scheduled development cycle for an emergency patch, or ‘out of band’ release, is a noteworthy event where a vendor is placing the public good ahead of their development and delivery lifecycle," said Trey Ford, Global Security Strategist for the cybersecurity company Rapid7.
Ford said that Microsoft's release of a patch for Windows XP also underscores its importance.