The time-honored idea of "Patch Tuesday" has gone out the window (no pun intended, promise) in response to an Internet Explorer vulnerability Microsoft's classified as critical. A patch will be issued today, Thursday the 21st, in response to the threat, instead.This ties in to a couple of recent news stories. Remember the Google China attack that caused the search giant to threaten leaving the country? The same attack that may have affected Adobe, Dow Chemical, Northrop Grumman, Symantec, and Yahoo? The hole Microsoft's shutting today was used in that series of hacks.
Also, like the 17-year-old Windows flaw we wrote about yesterday, the IE vulnerability has been around for quite a while; an official list of affected software names everything from Windows 7 and IE 8 to Windows 2000 and Internet Explorer 5.01.
As for some other facts, the problem relates to remote code execution, Microsoft's patch should come out around 11 AM Redmond time, and installing the patch will require a system restart.
And if you need further evidence of the importance of this development, Microsoft said in a security bulletin that it "will host a webcast to address customer questions on the out-of-band bulletin on January 21, 2010, at 1:00 PM Pacific Time . . ." (The webcast will be available for viewing afterward, too.)
IT professionals and end users might want to respond as quickly as possible, allowing for a reasonable degree of convenience; just save your work and sacrifice a couple of minutes of computer time when the patch comes out.
It's not very often that Microsoft abandons the tradition of Patch Tuesday, and it's usually in everybody's best interest to pay attention when the corporation does.
netizens left a footprint.