A bug disclosed last week that can be exploited via IE - or any other browser - is not in IE, but in a Windows help component. However, there are no open Microsoft-issued IE security advisories. Microsoft could deliver an "out-of-band" patch before July 13 if an IE vulnerability popped up and the company hustled to craft and release a fix. The next IE fix probably won't appear until Aug. Microsoft fixed six IE flaws June 8 during this month's Patch Tuesday. Unless Microsoft releases an emergency IE update in the next 31 days or deviates from its habit of issuing browser updates on alternate months, XP SP2 users have received their last IE patch. According to data from Qualys, about half of all enterprise PCs running Windows XP were still using SP2 as of late last month. However, it means that users still relying on Windows XP SP2 will be at risk for exploits of any IE vulnerability that Microsoft patches after July 13. The practice of linking browser patches to operating systems' support lifecycles is a longstanding Microsoft policy. "There is no differentiation for XP SP2 customers running IE." "Customers will need to install XP SP3 in order to leverage the extended support (which includes security updates), which will run through April 2014," a Microsoft spokeswoman said in an e-mail reply to questions.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |