Microsoft has broken its traditional monthly patch release cycle - fondly known by sysadmins around the world as 'Patch Tuesday' - to release an emergency fix for a zero-day vulnerability in its Internet Explorer web browser.
The flaw - which, according to CNet
doesn't affect users running Internet Explorer 8 or Windows 7 - allows remote attackers to take full control of a target machine simply by directing users to a malicious website.
With the flaw under active attack, Microsoft has ditched its usual release cycle in order to get the fix out as soon as possible - and it's a pretty big fix, repairing as it does nine holes in Internet Explorer including the one currently being exploited by hackers.
While the release of an out-of-cycle patch can be good news for end-users - who receive the security update as quickly as possible - it can be a headache for corporate IT departments, who are suddenly faced with the need to test a patch for emergency deployment with little warning or allow it to roll out without adequate testing in order to protect their users from attack.
Although the current attacks only affect versions of Windows prior to Windows 7 and Internet Explorer 6 and 7, all users are advised to install the patch as it fixes additional vulnerabilities which could lead to attacks on newer versions of Microsoft's software.
The patch is available from today via Windows Update.
Are you pleased to see that Microsoft is willing to veer from its patch release schedule if the problem is serious enough, or are you not looking forward to the headache of an out-of-cycle patch? Share your thoughts over in the forums