Software Testing Blog

Around 1:00 PM EST today, Microsoft will release an emergency patch for all versions of Internet Explorer.  They’re issuing the patch today instead of on their usual timeline because of the recent security issues involving Google.  It seems that hackers were able to target a previously unknown bug in IE as part of their attack against several accounts with Google.  ZDNet quotes a spokesman from Microsoft saying:

“(W)e will be releasing MS10-002  (on) January 21, 2010. We are planning to release the update as close to 10:00 a.m. PST as possible. This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of Critical. It addresses the vulnerability related to recent attacks against Google and a small subset of corporations, as well as several other vulnerabilities. Once applied, customers are protected against the known attacks that have been widely publicized. We recommend that customers install the update as soon as it is available. For customers using automatic updates, this update will automatically be applied once it is released.”

If you run Internet Explorer (and statistics say that 62% of you do) run Microsoft Update a little after 10:00 AM PST and make sure you grab this update.  And if you run an IT department, you should consider deploying the patch to your users as soon as you can.