(Photo : Reuters) Microsoft confirmed Windows RT and the original Surface is dead.


Microsoft has released an emergency fix for the security flaw that affected all the desktop versions of the Internet Explorer (IE) Web browser. The firm also included Windows XP in the update even though it had already stopped supporting the outdated operating system (OS) on April 8.



Like Us on Facebook


The flaw was first revealed on April 26 and was known to be present in IE versions 6 to 11. The severity of the vulnerability prompted the US Department of Homeland Security to advise people to avoid using the browser until a security update was released, according to Tom's Guide.



Now that the flaw patch has already been released, the security update should automatically install if Automatic Updates is activated on a user's PC, the report said.



Hackers can exploit the IE flaw to control a user's computer and spread malicious program. A secretive group was already using it to launch attacks on US firms when the American security firm FireEye discovered the vulnerability, the report stated.



These flaws of unknown origin and are being exploited by hackers are dubbed "zero days" because of the zero amount of time that experts have to beef up their defenses before the attack is launched, the report explained.



Microsoft usually issues patches on "Patch Tuesday," which falls on the first Tuesday of every month. However, the software giant stepped beyond its usual cycle by releasing the patch outside the Patch Tuesday schedule and even including Windows XP in the update even after it had already halted patching for the outdated OS on April 8, the report detailed.



Although this is good news for 20% to 30% of computer users worldwide who are still using Windows XP, future patches for the said OS should not be expected. In fact, Dustin C. Childs of Microsoft encouraged customers to upgrade to a "modern operating system," the report relayed.



The flaw was originally used by a small group of hackers that hit specific targets in a campaign that FireEye called "Operation Clandestine Fox." Now that the flaw is already known, other cybercriminals could easily duplicate the campaign and exploit unpatched IE browsers, the report said.



Users who still have not enabled Automatic Updates on their PCs can manually install the fix and change the settings in the System and Security to enable automatic installation of updates, wrote Tom's Guide.

