Microsoft rushes to fix Internet Explorer zero-day flaw

Microsoft has announced plans to release an out-of-cycle update to fix a critical zero-day vulnerability in its Internet Explorer web browser.

The company's Trustworthy Computing (TwC) division announced it would be releasing a patch designed to fix the flaw in a security bulletin on Sunday.

The flaw was originally revealed in a security bulletin earlier in December. The flaw relates to a number of older Internet Explorer versions and is dangerous as it leaves users open to a variety of cyber attacks.

"The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated," read TwC's release.

"The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website."

Despite its possible uses, Microsoft was quick to add the flaw's impact on end users has remained minimal.

"At this time, customer impact has been limited and only customers on Internet Explorer 6-8 are affected. Internet Explorer 9-10 are not affected by this issue," Microsoft Trustworthy Computing group manager for response communications, Dustin Childs, told V3.

The zero day vulnerability is one of many to have been patched this January. Prior to it Oracle released a similar patch for a vulnerability in its Java software.