Microsoft issues out of band IE patch
Microsoft has rolled out a series of patches ahead of schedule for its Internet Explorer browser.


Microsoft has issued another patch for Internet Explorer, this time outside of its regular monthly update cycle.
The patch fixes a zero-day flaw in IE6 and IE7 that takes advantage of an invalid pointed reference to allow remote code execution if a user visits a malware-loaded page.
Attackers have already been making use of the flaw, Microsoft said earlier this month.
"We have been monitoring this issue and have determined an out-of-band release is needed to protect customers," communications head Jerry Bryant said on the Microsoft security blog.
Microsoft stressed that most recent browser IE8 was not affected by the flaw, and again urged users to update to that version.
The update will also include fixes for nine other vulnerabilities in the browser, which were going to be released on 13 April as part of the monthly patching cycle - effectively giving admins two big patches to roll out in the next few weeks.
"Some of those also affect Internet Explorer 8," said Bryant. "All of the nine additional vulnerabilities were responsibly disclosed and we are not aware of any active attacks against them."
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
The patches will roll out later this afternoon, via Microsoft's automatic update process.
Freelance journalist Nicole Kobie first started writing for ITPro in 2007, with bylines in New Scientist, Wired, PC Pro and many more.
Nicole the author of a book about the history of technology, The Long History of the Future.
-
The IT industry’s shift to circular, low-carbon solutions
Maximize your hardware investment and reach your sustainability goals with HP’s Renew Solutions
-
Lenovo ThinkPad X9 14 Aura Edition review
Reviews This thin and light ultraportable will draw you in with its vibrant screen – but it isn't as powerful as some of its competitors
-
Vulnerability management complexity is leaving enterprises at serious risk
News Fragmented data and siloed processes mean remediation is taking too long
-
Beat cyber criminals at their own game
Whitepaper A guide to winning the vulnerability race and protection your organization
-
Same cyberthreat, different story
Whitepaper How security, risk, and technology asset management teams collaborate to easily manage vulnerabilities
-
Three steps to transforming security operations
Whitepaper How to be more agile, effective, collaborative, and scalable
-
Should your business start a bug bounty program?
In-depth Big tech firms including Google, Apple and Microsoft offer bug bounty programs, but can they benefit smaller businesses too?
-
Accessing the XDR realm
Whitepaper A guide for MSPs to unleash modern security
-
Why zero trust strategies fail
In-depth Zero Trust is the gold standard for organizations in protecting systems from cyber attacks, but there are many common implementation pitfalls businesses must avoid
-
Sitecore XP RCE flaw is being actively exploited, ACSC warns
News The vulnerability was fixed last month but hackers are now moving against patching laggards