IT departments braced for Microsoft out-of-band patches

Filed Under: Microsoft, Vulnerability

Internet Explorer
Microsoft has announced that on Tuesday it will release two out-of-band security patches designed to fix vulnerabilities in Internet Explorer and Microsoft Visual Studio.

Microsoft normally bundles its security updates into a monthly package, known in the industry as "Patch Tuesday" because it coincides with the second Tuesday of the month, and it is relatively unusual for the company to issue a fix for a security vulnerability outside of this cycle. This means that Microsoft considers the situation particularly important to patch as soon as possible.

It also means that IT staff responsible for protecting the computer systems at businesses around the world will need to be ready to roll out the patch, or potentially leave their organisations exposed to the threat of hackers installing malicious code (such as a worm) without user intervention.

Of course, it's a headache for IT departments to have to evaluate and roll-out security patches when they're not expecting them, but in my view if Microsoft thinks the issue is serious enough to issue patches outside of their normal cycle then it makes sense to act as quickly as possible.

Dan Goodin's article in The Register goes into some more detail on the out-of-band patches.


You might like

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley