On Wednesday, Microsoft will issue an emergency, out-of-cycle security bulletin for a critical flaw affecting all versions of Internet Explorer.
The bulletin is in response to a growing threat. Since the first week in December, the AZN Trojan has been exploiting a known flaw in IE. Visitors to infected Web sites could become infected with a Trojan horse that can download malware onto a user's system.
Microsoft normally issues patches on the second Tuesday of each month, "Patch Tuesday." But out-of-cycle patches are not without precedent. Recent examples include the flaw in how Windows handles remote procedure calls (RPC) in October,the Windows Animated Cursor Remote Code Execution Vulnerability in April 2007, a vulnerability in Vector Markup Language in September 2006, and a vulnerability in the Graphics Rendering Engine in January 2006.
The patch will be automatically distributed to Windows users with Automatic Updates enabled. The patch is also available via Microsoft Update or the individual bulletin for MS08-078 (available after 11 a.m.Pacific Wednesday).