Microsoft to patch critical IE hole

In a rare move, Microsoft on Friday said it would be releasing security updates on Tuesday - outside its monthly patch cycle - for a critical vulnerability in Internet Explorer and a moderate vulnerability in Visual Studio.

The two security bulletins will address one overall issue and are being released separately "to provide the broadest protections possible to customers", Microsoft said in a statement.

The vulnerabilities affect Windows 2000, Windows XP, Vista, Windows Server 2003 and 2008, Internet Explorer 6, 7 and 8, Microsoft Visual Studio .NET 2003, Visual Studio 2005 and 2008 and Visual C++ 2005 and 2008, according to the security bulletin advance notification.

The statement said: "While we can't go into specifics about the issue prior to release, we can say that the Visual Studio bulletin will address an issue that can affect certain types of applications.

"The Internet Explorer bulletin will provide defence-in-depth changes to Internet Explorer to help provide additional protections for the issues addressed by the Visual Studio bulletin."

"The Internet Explorer update will also address vulnerabilities rated as critical that are unrelated to the Visual Studio bulletin that were privately and responsibly reported," Microsoft said.

Customers who are current with their security updates are protected from known attacks related to the updates, the company said. The updates will be released through the Microsoft Update, Windows Update and Windows Server Update services.

A webcast to address customer questions is scheduled for Tuesday from 13:00 to 14:00(PDT).

Microsoft typically releases security patches on a monthly basis, the second Tuesday of every month, and did not say why it is making this rare, out-of-cycle release.

Original article: Microsoft to plug critical hole in IE from CNET News.com