Microsoft has posted a notification that a patch for a security issue found in its Internet Explorer web browser will be released at approximately 10 a.m. PST on Monday, January 14, 2013 (Tuesday 15th January 2013 7am New Zealand time).
This out-of-band security update is being released to address a security problem described in the company's Security Advisory 2794220.
The vulnerability is found in Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8. Internet Explorer 9 and Internet Explorer 10 are not affected. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8.
At the time of the disclosure Microsoft pointed out some suggestions and mitigating factors. For example users running Internet Explorer in Enhanced Security Configuration found in Windows Server are not at risk, as well as users running Internet Explorer 8 and Internet Explorer 10.
Microsoft usually issue software updates every second Tuesday of the month (second Wednesday of the month New Zealand time), and only sends out-of-band updates in critical situations that require fast action.
Microsoft's Dustin Childs, Group Manager Trustworthy Computing said in a blog post "While we have still seen only a limited number of customers affected by the issue, the potential exists that more customers could be affected in the future. The bulletin has a severity rating of Critical, and it addresses CVE-2012-4792. Internet Explorer 9-10 are not affected by this issue and as always, we encourage customers to upgrade to the latest browser version."
"We recommend that you install this update as soon as it is available. This update for Internet Explorer 6-8 will be made available through Windows Update and our other standard distribution channels. If you have automatic updates enabled on your PC, you won’t need to take any action."