Microsoft has announced that it will be issuing an emergency out-of-band patch for a critical security hole in some versions of Internet Explorer on Tuesday 30 March.
According to a Microsoft advisory, the emergency fix is designed to protect users of Internet Explorer 6 and Internet Explorer 7.
Microsoft normally bundles its security updates into a monthly package, known in the industry as “Patch Tuesday” (the second Tuesday of each month), and it is relatively unusual for the company to issue a fix for a security vulnerability outside of this cycle. Clearly Microsoft considers the bug particularly important to patch as soon as possible.
And in my opinion they’re right not to leave this vulnerability unpatched until April 13th. Earlier this month I described how hackers are actively exploiting the vulnerability, in their attempt to infect computers.
The researchers in SophosLabs reported some of the malicious spam messages we have seen being distributed which attempt to trick users into visiting websites that will exploit the zero day vulnerability and infect Windows PCs.
More information about the security flaw can be found in Sophos’s analysis of the problem.
So, if you are still using Internet Explorer versions 6 or 7, please be sure to update your systems as soon as Microsoft releases the fix. But, in all honesty, what are you doing running such old versions of IE anyway? Shouldn’t you have upgraded to Internet Explorer 8 by now?