Emergency Patch Tuesday Targets Critical IE Flaw

Microsoft is releasing two emergency patches this morning outside of its usual Patch Tuesday rotation. The Redmond-based company has determined that fix addresses issues that require immediate attention.

Microsoft usually releases a Patch Tuesday fix about once a month addressing security vulnerabilities marked "critical" or "important," the latter being regarded as slightly less concerning. However, it rarely releases a patch outside of the monthly rotation unless something is truly wrong.

Emergency Fix Targets Visual Studio, IE

At this point, the company hasn't fully disclosed the problem, but has admitted that the two major issues this extraordinary patch fixes affect Visual Studio and Internet Explorer, two of its more widely-used applications.

"While we can't go into specifics about the issue prior to release, we can say that the Visual Studio bulletin will address an issue that can affect certain types of applications," said Mike Reavey, director of Microsoft's Security Response Center.

"The Internet Explorer bulletin will provide defense-in-depth changes to Internet Explorer to help provide additional protections for the issues addressed by the Visual Studio bulletin." (Source: informationweek.com)

According to Reavey, the problems being addressed by the IE bulletin are not related to the Visual Studio vulnerability.

Insiders report that the browser issue is probably connected to an IE Kill-Bit problem that could allow an attacker to bypass a critical security wall in Internet Explorer. (Source: pcworld.com)

More than Half of All IE Users Vulnerable

Thankfully, Microsoft users with active security updates should be automatically protected from this most recent threat. Unfortunately, not everyone is playing ball -- according to a study by Google last year, less than half of all visitors to the search engine's main site employed the most up-to-date version of a browser, making them especially vulnerable to attack.

The last time Microsoft released an update of this kind out of the Patch Tuesday rotation was last December, and that also addressed an Internet Explorer vulnerability.