The exploit code release means Microsoft will issue a patch for the flaw before the next 'Patch Tuesday'. "We have seen speculation that Microsoft might release an update for this issue out of band. I can tell you that we are working hard to produce an update which is now in testing," said Jerry Bryant, senior security communications manager lead at Microsoft.
"This is a critical and time-intensive step of the process as the update must be tested against all affected versions of Internet Explorer on all supported versions of Windows. Additionally, each supported language version needs to be tested as well as testing against thousands of third party applications," he wrote in an advisory on the Microsoft Security Response Center blog.
"We never rule out the possibility of an out-of-band update. When the update is ready for broad distribution, we will make that decision based on customer needs." The vulnerability does not affect Internet Explorer 8, and Microsoft has repeatedly urged users of older versions of Internet Explorer to upgrade to the latest version of the browser for security reasons.
Written by: James Delahunty @ 14 Mar 2010 18:02
