The Internet Explorer vulnerability being called XPocalypse is being patched by Microsoft even for XP. The attack that appears to rely on having Adobe Flash Player installed exploits IE 9, 10 and 11, but Microsoft warns the underlying vulnerability is in all versions on IE.
Originally, Microsoft was not intending to patch XP but has included it in the update. This is good news for XP users. You get a little more life from your operating system and protection from XPocalypse.
The update went live, May 1, at 10 PDT. If you are like most people, you have automatic updates turned on, and you’ll get this new update without having to do anything. If you haven’t turned it on automatic updates yet, you should do so now. Click the “Check for Updates” button on the Windows Update portion of your Control Panel to get this going.
Read the Microsoft Blog post here.