Internet Explorer patch coming soon

Stephen Withers
Wednesday, 20 January 2010 02:16

Business IT - Security

Microsoft is planning to release a security patch for Internet Explorer without waiting for Patch Tuesday.

In yesterday's story about the Internet Explorer vulnerability that is thought to have been exploited in the December 2009 attacks on Google and other US companies, iTWire noted "Given the widespread publicity, it is possible that Microsoft won't wait for February's Patch Tuesday to release an update if it is ready before then."

That's precisely what's happening.

Earlier this morning (AEDST), Microsoft announced that an "out-of-band" update for its beleaguered browser is on the way.

Microsoft uses the term 'out of band' to indicate an update that is released as soon as it is deemed ready for delivery, as opposed to the company's normal practice of releasing a batch of updates on the second Tuesday of each month.

"Given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves and the escalating threat environment Microsoft will release a security update out-of-band for this vulnerability," said George Stathakopoulos, Microsoft's general manager, trustworthy computing security.

"We take the decision to go out-of-band very seriously given the impact to customers, but we believe releasing an update out-of-band update is the right decision at this time," he added.

If you're wondering why an irregularly timed update should have any particular impact on customers (especially when it is to address a vulnerability that has been exploited, has been made publicly available, and is likely to be used in more widespread attacks), you could be accused of thinking like someone with just one or two PCs to look after.

What's the problem for larger installations? And what does the Australian Government have to say about the vulnerability? Please read on.