Microsoft issues emergency patch for IE flaw

Microsoft is to release an emergency patch for the Internet Explorer (IE) flaw that has seen Google and several other major companies hacked over recent months, saying it has little choice given the "escalating threat environment".

Despite claiming that only the ageing Internet Explorer 6 is vulnerable to the attacks, and that they are very limited in nature, the company is nonetheless issuing an out-of-cycle update across the board.

Earlier this week, Microsoft urged users of its IE software to update to the latest version, Internet Explorer 8, but in doing so was forced to concede that both versions 7 and 8 of the software were also vulnerable to the IE6 security flaw that has left US computing giant Google and the Chinese government in a high-profile standoff.

In making the admission, Microsoft was quick to stress that it had not seen successful attacks against IE7 or IE8 as yet, but its researchers had proved the possibility was there.

Writing on the Microsoft Security Response Center blog yesterday, Trustworthy Computing Security general manager George Stathakopoulos said: "Given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves and the escalating threat environment Microsoft will release a security update out-of-band for this vulnerability."

The exact timing of the release will be known later today, but with the next monthly Patch Tuesday window still three weeks away, Microsoft has little choice to break its traditional update protocol.

"We take the decision to go out-of-band very seriously given the impact to customers, but we believe releasing an update out-of-band update is the right decision at this time," Stathakopoulos wrote.