XP included in urgent Internet Explorer security patch

Microsoft has decided to include its old Windows XP operating system in its out-of-band security patch for the built-in Internet Explorer web browser, released today via Windows Update.

Microsoft's Trustworthy Computing group manager of response communications, Dustin Childs, urged customers to apply the fully tested update as quickly as possible.

"Windows XP is no longer supported by Microsoft, and we continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1. Additionally, customers are encouraged to upgrade to the latest version of Internet Explorer, IE 11," Childs wrote.

The security update MS14-012 was labelled critical by Microsoft.

It plugs a serious vulnerability that allowed remote code execution using malicious web pages loaded in Internet Explorer versions 6 to 11, which are bundled with Windows, XP onwards to Windows 8.1.

Windows Server variants with Internet Explorer are also affected, but the vulnerability is only labelled moderate by Microsoft for those products due to built-in mitigation techniques.

According to Microsoft, Windows 7 users may find that unless they have security update 2929437 installed - which was issued on April 8 this year - Internet Explorer will crash when trying to install today's patch.

Installing 2929437 fixes the problem. Users can also install update 2964444 instead of applying today's patch.

Microsoft will hold a webcast tomorrow at 3pm AEST to discuss the technical details of the update.