As expected, Microsoft has issued a patch two weeks early to plug a security hole that has been exploited by cybercriminals
Microsoft issued a "critical" security fix for Windows on Tuesday, two weeks before its scheduled release date.
The company is breaking with its monthly patch cycle to fix a flaw that cybercrooks have been using to attack Windows PCs via Internet Explorer. Malicious software can be loaded, without the user"s knowledge, onto a vulnerable Windows PC when the user clicks on a malicious link on a Web site or in an email message.
"An attacker could exploit the vulnerability by constructing a specially crafted Web page or HTML email that could potentially allow remote code execution if a user visited the Web page or viewed the message," Microsoft said in security bulletin MS06-055. Email messages that use HTML, or HyperText Markup Language, look like a Web page.
The vulnerability does not apply to IE 7, the upcoming version of IE that is available right now in a pre-release form, Microsoft said.
Microsoft typically releases fixes on each second Tuesday of the month, which has become known as Patch Tuesday. The last time the software maker rushed out a fix was in January, when another image-related flaw in IE was being used to compromise Windows PCs through malicious Web sites.