Its decision to accelerate the release rather than waiting until next Patch Tuesday on 13 April is an indication that attacks against the vulnerability are increasing, according to Wolfgang Kandek, chief technology officer at security firm Qualys.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Like the last IE zero-day patch, Microsoft is including fixes for nine other vulnerabilities.
This means the patch is critical for all versions of IE, not just IE 6 and 7, which are the only versions affected by active attacks using the latest zero-day vulnerability.
"If you are still using IE6 or IE7, patch immediately. But even if you are on IE8 you should patch as quickly as possible, as attackers will start reverse engineering the flaws addressed and preparing corresponding exploits within the week," Kandek said.
Jerry Bryant, group manager of response communications at Microsoft, said all of the nine additional vulnerabilities were responsibly disclosed and there are no known active attacks against them.
"For customers using automatic updates, this update will automatically be applied once it is released," he said.