Microsoft promises urgent fix for IE vulnerability

The high-profile IE flaw is being actively targeted by hackers

Microsoft has confirmed that it is working on an out-of-cycle update to address the recently disclosed vulnerability in Internet Explorer.

The company said on Tuesday that it is preparing an unscheduled update to address the remote code execution flaw, and will provide more details on Wednesday.

Such fixes ignore the company's monthly Patch Tuesday release schedule, and are generally deployed in the case of a high-profile flaw which is being actively targeted.

In this case, the vulnerability could allow for a specially crafted web page to crash the browser and remotely install software. The flaw is believed to be the attack vector used in the so-called Operation Aurora attacks on Google and Adobe.

Microsoft has recommended that users update their browser as soon as the patch is available to help mitigate the threat.

"To date, the only successful attacks that we are aware of have been against Internet Explorer 6," wrote Microsoft Trustworthy Computing security manager George Stathakopoulos in an update posted to the company's security blog.

"We continue to recommend customers update to Internet Explorer 8 to benefit from the improved security protection it offers."

Other security groups, however, are proposing more drastic action. Government computer security agencies in Germany and France are advising users to stop using IE altogether until a fix from Microsoft is released.