SAN FRANCISCO (USA TODAY) - Microsoft issued a fix on Thursday for the security flaw that led the Department of Homeland Security to suggest customers change browsers until the problem was solved.
The fix updates the computers of all users of the Windows operating system who have automatic updates turned on, the company said on its security response page.
For those that don't have the updates enabled, "now is the time," wrote Dustin Childs, with the response communications team at Microsoft.
To turn it on, users should click on the "Check for Updates" button on the Windows Update portion of their Control Panel.
"For those manually updating, we strongly encourage you to apply this update as quickly as possible following the directions in the released security bulletin," Childs said.
The security flaw allows malicious hackers to get around security protections in the Windows operating system. They then can be infected when visiting a compromised website.
The security update was pushed out to consumers' computers through a function in the Windows operating system called Windows Update.
The fix is coming outside of Microsoft's usual monthly security update cycle, said Adrienne Hall, general manager with the company's Trustworthy Computing section.
"The security of our products is something we take incredibly seriously, so the news coverage of the last few days about a vulnerability in Internet Explorer (IE) has been tough for our customers and for us," she wrote on a Microsoft tech blog.
That's a big deal, said Trey Ford, a strategist with Rapid7, a Boston-based computer security firm.
"Major vendors like Microsoft, Oracle, Adobe and others have highly structured software testing workflows that are expensive in terms of time and resources," he said. "To interrupt a scheduled development cycle for an emergency patch, or 'out of band' release, is a noteworthy event where a vendor is placing the public good ahead of their development and delivery lifecycle."
"This means that when we saw the first reports about this vulnerability we said fix it, fix it fast, and fix it for all our customers. So we did. The update that does this goes live today at 10 a.m. PDT."
The fix is surprising because it also includes code for the Windows XP operating system, which Microsoft officially stopped supporting on April 8.
Hall wrote that because the security flaw came to light so close to the end of Microsoft support of the still-popular operating system, the decision was made to aid consumers.
"Of course we're proud that so many people loved Windows XP, but the reality is that the threats we face today from a security standpoint have really outpaced the ability to protect those customers using an operating system that dates back over a decade. This is why we've been encouraging Windows XP customers to upgrade to a modern, more secure operating system like Windows 7 or Windows 8.1," she said.