Microsoft to release out-of-band security patch for IE

Patch Wednesday

Yesterday HEXUS brought you the news that there is a new vulnerability in Microsoft's web browser - Internet Explorer (IE) - that could allow remote code execution.

Today Microsoft is releasing its second out-of-band (i.e. exceptional) security bulletin in two months, having hardly ever done so prior to this. A look at the bulletin reveals that the patch is aimed at IE from version 5.01 all the way to IE 8 beta 2.

It's fair to assume that this patch addresses the previously mentioned IE vulnerability and the advance notification only states that the patch comes out today. However, there's a webcast at 9pm GMT today, which you can register for here if you want to know more.

Update - 12:00 17/12/08: We've just received the following press release from security software company Symantec:

Last week Symantec reported on the Internet Explorer exploit (https://forums.symantec.com/t5/blogs/blogarticlepage/blog-id/vulnerabilities_exploits/article-id/180), which we now know to be the Microsoft Security Advisory (961051). Since then Symantec has been monitoring the vulnerability closely.

Once an infected site containing one of these iframes is visited, the IE Exploit (961051) is one of several vulnerabilities run against your computer. If your system is exploited, it drops various malicious code onto your computer. At present, Symantec has detection for this malicious code, but recommends that users keep their definitions up-to-date because the malicious code being served is changing on a regular basis.

To date, since the release of Symantec's antivirus signature for this vulnerability, the company has observed over 33,000 hits on its customers.

At present, Asia is clearly leading the way for potential infections through exploitation of this vulnerability. The top 10 countries detecting the exploit are: