As I have… well, “reported” in my feverish delirium on the 08th of April, support for Windows XP and Windows XP Professional x64 Edition has ended on that very day. So how is it exactly, that I can now look at this:
So what’s it gonna be, Microsoft? We now get the “super critical” ones, or the ones that get that [very special kind of media attention] – it’s not every day that the U.S. department of homeland security tells XP users to switch browsers after all – and the others you drop because official support has ended? Sure, this flaw is critical, allowing easy remote code execution by presenting malicious websites to any version of Internet Explorer, all the way down to IE6, which by todays standards is a completely neolithic browser. And even IE6 on XP gets the update, which is hilarious even for a die hard conservative Windows user like me.
Well, Microsofts Trustworthy Computing TechNet blogger, Mr. Dustin C. Childs [wrote on his weblog], that we shouldn’t be expecting more. Quote:
“[…] We have made the decision to issue a security update for Windows XP users. Windows XP is no longer supported by Microsoft,and we continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1. Additionally, customers are encouraged to upgrade to the latest version of Internet Explorer, IE 11. […]”
-Dustin C. Childs, Microsoft Trustworthy Computing
Of course they would say that… Plugging the worst of holes while not raising any hopes is probably the right strategy from their point of view. It seems that there is still too much XP out there for them to handle by refusal only.
I wonder though, will something like this happen again? Was Windows 2000 not provided with the fix because it’s considered too ancient when compared to XP/XP x64? There is no really reliable standpoint here, so we’ll have to wait and see. More information and downloads follow:
- [Download] security update for KB2964358 for Windows XP x86 for offline installation.
- [Download] security update for KB2964358 for Windows XP Professional x64 Edition for offline installation.
- Microsoft [KB2964358 knowledgebase article].
- Microsoft TechNet [Security Bulletin MS14-021] providing more extensive information about the flaw and severity ratings for all browser versions (IE6-11) for all operating systems said to be affected, plus information on how to undo the ACL modifications that were provided as a quick fix before the real patch came out.
Of course, if you have automatic updates turned on, you don’t have to download the files from above, that’s just for the distant future after Microsoft will have switched off Windows Update for XP altogether.
Oh and, as always, there is one thing that you could also do: Just don’t use Internet Explorer. There are enough other options these days.