Microsoft Corp. said today it plans to break from its regularly scheduled monthly software update cycle to issue a patch on Tuesday for a security hole in its Internet Explorer Web browser that hackers have been exploiting lately.
Microsoft normally releases security updates on “Patch Tuesday,” the second Tuesday of each month. But this Tuesday, Mar. 30, Microsoft will release a cumulative update for Internet Explorer that fixes a critical software flaw in IE 6 and IE 7. The browser flaw lets hackers break into vulnerable systems remotely, with little help from users.
Redmond initially said it was aware of only “targeted” attacks that leveraged this vulnerability. But Microsoft’s statement that accompanied this announcement suggests that these attacks may have become more widespread.
“We have been monitoring this issue and have determined an out-of-band release is needed to protect customers,” Microsoft said in a statement on its Security Response Center blog today.
Tomorrow’s update will correct that flaw, as well as at least nine other security holes in IE that Microsoft had planned to patch on the next official Patch Tuesday (April 13).