(The setting provides protection for Windows 7 users only when browsers are running in 64-bit mode on 圆4-enabled hardware, limiting the effectiveness of the measure. For those using apps that aren't compatible with IE 11, IE 10 with Enhanced Protected Mode is the next safest option. Users should strongly consider upgrading to IE 11 and ensure that Enhanced Protection Mode-which is off by default except on server OSes and the Metro-mode browser-is manually switched on.
#UPDATE INTERNET EXPLORER FOR XP INSTALL#
While there are a variety of settings users can manually make to prevent successful exploits on unpatched systems, people should install the update as soon as possible.
#UPDATE INTERNET EXPLORER FOR XP PATCH#
The Microsoft patch will be delivered automatically to anyone who has Windows configured to receive automatic updates. "In addition to previously observed attacks against the defense and financial sectors, organization in the government- and energy sector are now also facing attack."
"We have also observed that multiple, new threat actors are now using the exploit in attacks and have expanded the industries they are targeting," Thursday's blog post from FireEye reported. Previously, the IE attacks FireEye observed targeted only versions 9, 10, and 11 running on Windows 7 and 8. The Microsoft patch comes as the in-the-wild attacks exploiting the vulnerability have expanded to include XP users running IE 8, researchers from security firm FireEye reported Thursday. Attacks grow by “multiple, new threat actors” While the XP fix may deprive some laggards of the incentive to upgrade, Microsoft also has a responsibility to prevent exploits that could turn large numbers of the Internet population into compromised platforms that attack others. Thursday's release demonstrates the razor-thin tightrope Microsoft walks as it tries to wean users off a platform it acknowledges is no longer safe against modern hacks. By some measures, 28 percent of the Web-using public continues to use the aging OS, which lacks crucial safety protections built into Windows 7 and 8.1. Since it resides in versions 6 through 11 of Internet Explorer, the remote code-execution hole leaves an estimated 26 percent of Internet browsers susceptible to attacks that can surreptitiously install hacker-controlled backdoors when users visit a booby-trapped website. Further Reading Active 0day attack hijacking IE users threatens a quarter of browser marketThe decision to patch XP underscores the potential seriousness of the vulnerability.