Microsoft has issued a security fix for its popular Internet Explorer web browser, with a Microsoft executive calling concerns about the vulnerability “overblown”.
The fix comes after the Australian, British and US governments all recommended over the past few days that users of the browser switch to another product while Microsoft sorted the issue out.
The Australian government’s Stay Smart Online website released a warning saying the security flaw could be exploited by hackers and cybercriminals.
“The vulnerability is known to be targeted by cyber criminals. You should take action to ensure you will not be affected,” the statement on the website said.
But Microsoft’s general manager for trustworthy computing, Adrienne Hall, said in a statement on the official Microsoft blog that there had been minimal danger posed to users and the risks had been overstated.
“The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown. Unfortunately this is a sign of the times and this is not to say we don’t take these reports seriously. We absolutely do,” Hall said in the statement.
She said part of the reason the issue had received so much attention was that it had coincided with Microsoft’s end of support for its Windows XP operating system. She said Microsoft would extend its support to XP users in order to deal with any threat posed by the IE bug, but that users should make the change to newer operating systems.
“One of the things that drove much of this coverage was that it coincided with the end of support for Windows XP. Of course we’re proud that so many people loved Windows XP, but the reality is that the threats we face today from a security standpoint have really outpaced the ability to protect those customers using an operating system that dates back over a decade,” she said.
“This is why we’ve been encouraging Windows XP customers to upgrade to a modern, more secure operating system like Windows 7 or Windows 8.1.”