Microsoft released an emergency out-of-band update on May 1 for a zero-day vulnerability, identified as CVE-2014-1776, that was first publicly disclosed on April 26.
The Internet Explorer flaw impacts versions 6, 7, 8, 9, 10 and 11 of the Web browser with a remote code execution vulnerability. CVE-2014-1776 is particularly noteworthy in that it is the first publicly reported flaw that impacts the Windows XP operating system since that operating system officially hit its end of life with Microsoft’s April 8 Patch Tuesday update.
“The security of our products is something we take incredibly seriously,” Adrienne Hall, general manager of Microsoft Trustworthy Computing, said in a statement. “When we saw the first reports about this vulnerability we decided to fix it, fix it fast, and fix it for all our customers.”