Microsoft is cooking a security refresh for Internet Explorer 8, and earlier supported versions of the browser, that will be released tomorrow, July 28th, 2009. According to the Redmond company, the IE update will be accompanied by a security bulletin for Visual Studio. The software giant underlined that, although two separate security bulletins were scheduled for release come July 28th, both updates were designed to resolve a single, overall security problem. The move comes as a necessity to ensure that customers benefit from the broadest protections possible explained Mike Reavey, director, MSRC.

“While we can’t go into specifics about the issue prior to release, we can say that the Visual Studio bulletin will address an issue that can affect certain types of applications. The Internet Explorer bulletin will provide defense-in-depth changes to Internet Explorer to help provide additional protections for the issues addressed by the Visual Studio bulletin. The Internet Explorer update will also address vulnerabilities rated as Critical that are unrelated to the Visual Studio bulletin that were privately and responsibly reported,” Reavey noted.

The patches coming July 28 are what Microsoft refers to as out-of-band security updates. The Redmond company has established a tradition known as Patch Tuesday, namely to release security updates collectively on the second Tuesday of each month for all supported products. The strategy was implemented because of input from customers who wanted patches to be easier to manage and integrate into IT environments. However, from time to time, whenever the severity of a vulnerability requires it, Microsoft breaks the monthly patch cycle with an out-of-band release.

As far as Internet Explorer is concerned, the patch is rated Critical and will affect IE6, IE7 and IE8 including the releases on top of Windows Vista SP2 and Windows XP SP3. Microsoft made no reference to IE8 on Windows 7, although it is probable for the browser component of the latest iteration of Windows to also be affected. Users should expect patches to be made available via Microsoft Update, Windows Update and Windows Server Update Services.