Microsoft has announced that on Tuesday it will release two out-of-band security patches designed to fix vulnerabilities in Internet Explorer and Microsoft Visual Studio.
Microsoft normally bundles its security updates into a monthly package, known in the industry as “Patch Tuesday” because it coincides with the second Tuesday of the month, and it is relatively unusual for the company to issue a fix for a security vulnerability outside of this cycle. This means that Microsoft considers the situation particularly important to patch as soon as possible.
It also means that IT staff responsible for protecting the computer systems at businesses around the world will need to be ready to roll out the patch, or potentially leave their organisations exposed to the threat of hackers installing malicious code (such as a worm) without user intervention.
Of course, it’s a headache for IT departments to have to evaluate and roll-out security patches when they’re not expecting them, but in my view if Microsoft thinks the issue is serious enough to issue patches outside of their normal cycle then it makes sense to act as quickly as possible.
Dan Goodin’s article in The Register goes into some more detail on the out-of-band patches.