Microsoft breaks monthly patching habit

The software giant has released a fix for a security hole in Internet Explorer outside its normal monthly update. Microsoft broke its once-a-month schedule on Monday to fix a critical flaw in Internet Explorer that could allow malicious coders to take control of an unwary user's PC. The most serious problem, known as a cross-domain security vulnerability, affects all versions of Internet Explorer running on Windows NT, 2000 and XP. A person with a vulnerable system who clicks on a link in an HTML email or goes to a hostile Web site could allow an attacker to run code on their computer, Microsoft said in its advisory.

The seriousness of the issue forced the company to release the latest fixes before its normally scheduled date, the second Tuesday of the month.

"We evaluated the public nature of the vulnerabilities and heard from customers that this was impacting them, and we made the decision to publish," said Stephen Toulouse, security program manager with Microsoft's Security Response Centre.

Read Full Story