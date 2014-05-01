(Adds details on attacks from FireEye, comment from Microsoft)
By Jim Finkle
BOSTON May 1 Microsoft is helping the estimated
hundreds of millions of customers still running Windows XP,
which it stopped supporting earlier this month, by providing an
emergency update to fix a critical bug in its Internet Explorer
browser.
Microsoft Corp rushed to create the fix after
learning of the bug in the operating system over the weekend
when cybersecurity firm FireEye Inc warned that a
sophisticated group of hackers had exploited the bug to launch
attacks in a campaign dubbed "Operation Clandestine Fox."
It was the first high-profile threat to emerge after
Microsoft stopped providing support to its 13-year-old XP
operating software on April 8.
Microsoft on Wednesday initially said it would not provide
the remedy to Windows XP users because it had stopped supporting
the product. But on Thursday, as Microsoft started releasing the
fix for the bug through its automated Windows Update system, a
company spokeswoman said the remedy also would be pushed out to
XP customers.
"We decided to fix it, fix it fast, and fix it for all our
customers," spokeswoman Adrienne Hall said on Microsoft's
official blog.
She said there had not been many attacks exploiting the
vulnerability, which Microsoft decided to patch in XP "based on
the proximity" to its recent end of support.
"There have been a very small number of attacks based on
this particular vulnerability and concerns were, frankly,
overblown," she said in the blog.
At the end of last week, FireEye initially uncovered attacks
involving recent versions of Windows that are still supported by
Microsoft.
Then, three days ago, it began identifying attacks on
Windows XP, which users would not necessarily have been able to
thwart if Microsoft had not decided to roll out the update to XP
users in addition to other customers.
FireEye said in a blog published on Thursday that it had
observed new groups of hackers exploiting the vulnerability to
attack targets in government and energy sectors, in addition to
previously identified financial and defense industries.
Microsoft was under pressure to move quickly as the U.S.,
UK and German governments advised computer users on Monday to
consider using alternatives to Microsoft's Explorer browser
until it released a fix.
Microsoft first had warned that it was planning to end
support for Windows XP in 2007, but security firms estimated
that 15 to 25 percent of the world's personal computers still
run on the version of the operating system that was released in
October 2001.
(Reporting by Jim Finkle; Editing by Jeffrey Benkoe and Leslie
Adler)