Microsoft is to release an emergency out-of-band patch today for the zero-day vulnerability disclosed this month that affects web applications built on ASP.NET.
The patch comes just a week after Microsoft confirmed exploits of the vulnerability, which potentially affects millions of web applications.
The patch, which will fix the flaw in all versions of the .NET framework, will be available initially only on the company's Download Center.
The update will be released through Windows Update and Windows Server Update Services within the next few days.
Windows desktop systems are listed as affected, but Microsoft said consumers are not vulnerable unless they are running a web server from their computer.
Microsoft published workarounds to defend against attacks exploiting the ASP.NET flaw shortly after it was publicly disclosed. However, researchers said the workarounds did not fully protect users.
"Based on our comprehensive monitoring of the threat landscape, we have determined an out-of-band release is needed to protect customers, as we have seen limited attacks and continued attempts to bypass current defenses and workarounds," said Dave Forstrom, director of Trustworthy Computing at Microsoft, in a blog post.