The following post is from Adrienne Hall, General Manager, Trustworthy Computing, Microsoft.


The security of our products is something we take incredibly seriously, so the news coverage of the last few days about a vulnerability in Internet Explorer (IE) has been tough for our customers and for us.  We believe, and take a huge amount of pride that, among widely used browsers, IE is the safest in the world due to its secure development and ability to protect customers, even in the face of cybercriminals who want to break it.

This means that when we saw the first reports about this vulnerability we said fix it, fix it fast, and fix it for all our customers.  So we did.  The update that does this goes live today at 10 a.m. PDT.

If you are like most people, you have automatic updates turned on, and you’ll get this new update without having to do anything.  If you haven’t turned on automatic updates yet, you should do so now.  Click the “Check for Updates” button on the Windows Update portion of your Control Panel to get this going.

One of the things that drove much of this coverage was that it coincided with the end of support for Windows XP.  Of course we’re proud that so many people loved Windows XP, but the reality is that the threats we face today from a security standpoint have really outpaced the ability to protect those customers using an operating system that dates back over a decade.  This is why we’ve been encouraging Windows XP customers to upgrade to a modern, more secure operating system like Windows 7 or Windows 8.1.

Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we’ve decided to provide an update for all versions of Windows XP (including embedded), today.  We made this exception based on the proximity to the end of support for Windows XP.  The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown.  Unfortunately this is a sign of the times and this is not to say we don’t take these reports seriously.  We absolutely do. 

Just because this update is out now doesn’t mean you should stop thinking about getting off Windows XP and moving to a newer version of Windows and the latest version of Internet Explorer.  If you are on Windows 7, upgrade to Internet Explorer 11.  Our modern operating systems provide more safety and security than ever before. The latest version of Internet Explorer has increased support for modern web standards, better performance, and expanded the ability to deliver an immersive experience from within the browser.  In other words, cool stuff that you need even if you didn’t know you need it.  And when you turn on auto update, we make sure your computer and your browser get better all the time.

This connected world, which brings so much goodness to consumers and businesses, also has a dark side:  people and organizations who seek to disrupt technology use and steal information. We are standing guard. We’ve compiled an admirable track record over the last decade in the way we build our products with security at the core and the way we update them every single month to be more secure, chock full of privacy protections, more reliable  – more trustworthy.

Today, we made our browser a bit safer. Next month, it will be better still. You can count on us.