It issued the update on Thursday to fix a bug that let hackers gain access and user rights to computers.
Microsoft ended support for Windows XP earlier this month, ceasing to issue bug fixes or security updates for it.
But the firm said it decided to make an exception as the flaw was discovered just days after the support ended.
"Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we've decided to provide an update for all versions of Windows XP," Adrienne Hall, general manager of Trustworthy Computing at Microsoft, said in a blog post.
"We made this exception based on the proximity to the end of support for Windows XP."
The flaw was reported earlier this week and there had been uncertainty over whether XP users would get the update when it was released.'Tested and ready' Continue reading the main story “Start Quote
This update is fully tested and ready for release for all affected versions of the browser”End Quote Microsoft
The flaw affected Internet Explorer (IE) versions 6 to 11 and Microsoft said it was aware of "limited, targeted attacks" to exploit it.
According to NetMarket Share, the IE versions account for more than 50% of the global web browser market.
Microsoft said that hackers could exploit the flaw by hosting a "specially crafted website" designed to exploit the vulnerability.
If users visited the website, hackers could use it to gain access to their computer and get the same rights as the machine's user.
However, hackers would have needed to convince users to view and interact with the website, and would have had "no way to force users" to view the content otherwise.
On Thursday, Microsoft said its security update fixed the flaw.
"This update is fully tested and ready for release for all affected versions of the browser," the firm said.
"The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically."