Microsoft announced it will release an out-of-band security update today to patch a zero-day vulnerability in Internet Explorer, and that the patch will also be made available for Windows XP machines through Automatic Update. At the same time, researchers said they are now seeing attacks specifically targeting XP users.Well done to Microsoft - they have a good security team there (I know a bunch of them), and this is a reflection of that team strength. Patching 12 year old code is no fun, but they did it.
Microsoft no longer supports XP as of April 8, and that includes the development and availability of security updates. But the about-face today speaks to the seriousness of the vulnerability, which is being exploited in limited targeted attacks, Microsoft said.
“The security of our products is something we take incredibly seriously. When we saw the first reports about this vulnerability we decided to fix it, fix it fast, and fix it for all our customers,” said Adrienne Hall, General Manager, Microsoft Trustworthy Computing.
If you are still running XP, get this update even if you don't use IE. We'll all forget about this in a few weeks, and someone might run the old IE app sometime in the future. Microsoft has a page on turning on automatic updates in XP.
But don't get used to this, because they won't repeat this often. You'll need to move to Windows 7, or Mac, or Linux. Recent advice found here.