Microsoft is to release five security patches for its products next week, the list will include an IE fix to a vulnerability that hackers have been exploiting in the past month. The company is also looking to repair three other Windows' problems as well as a fix for an Office vulnerability.
Although some had called for Microsoft to release an early version of the IE patch this now seems unlikely. "Our test and engineering plan for that update that we began two weeks ago is on track to have that update ready for Tuesday," wrote Stephen Toulouse, security program manager with Microsoft's security response center in his blog.
Microsoft releases its security patches on the second Tuesday of every month, a predictable process that makes corporate system administrators happy. But the schedule also has led some users to download unsupported third-party security updatesin between official patch releases from Microsoft.
Prompted by the severity of the IE bug, known as the "create TextRange ()" vulnerability, security vendors eEye Digital Security and Determina have already offered free downloads that fix the IE bug. To date, eEye reports more than 100,000 downloads of its software, which is not recommended by Microsoft.
Microsoft has plenty of other browser problems to address in the patches, including a second critical vulnerability that, like the create TextRange () bug, could be exploited by hackers to take over a system. Security researchers have also reported two less-critical IE problems with the browser, including a newly discovered bug that could be used by phishers to trick users into thinking they are visiting trusted websites.