Microsoft will release an out-of-band patch for a Critical zero-day security vulnerability impacting all supported versions of Internet Explorer, including IE8 Beta 2. On December 16, 2008, the software giant informed, via Christopher Budd, security program manager, Microsoft Security Response Center, that it planned to make available an out-of-cycle security update, designed to plug a hole in Internet Explorer, which was actively exploited in the wild. Microsoft itself confirmed attacks targeting the Critical IE 0Day vulnerability including websites featuring adult content.

The Redmond company emphasized that no supported version of Internet Explorer was safe from exploits, not even the second Beta of the latest iteration. In this context, the software giant will release the out-of-band patch for Internet Explorer 8 Beta 2, just as it will do for any other copy of IE.

“This vulnerability was reported after the release of Windows Internet Explorer 8 Beta 2. Customers running Windows Internet Explorer 8 Beta 2 are encouraged to download and apply the update to their systems when the bulletin is published,” Microsoft informed.

The company explained that users running IE7 on Windows Vista RTM/SP1, Windows Server 2008 and Windows XP (including SP3), as well as IE7 and IE6 on Windows Server 2003 and Windows XP, and IE5 on Windows 2000 would all have to install the patch as soon as possible.

“Attacks incorporating the exploit have also been seen on websites around the world, potentially putting Internet Explorer users at risk in the absence of a patch. Microsoft will have been working feverishly to put a patch together that can defend all the different versions of Internet Explorer, and testing that it works as expected. Within 24 hours, the patch should be available for anyone to download, and fingers crossed computer users will be applying it without hesitation,” Sophos' Graham Cluley stated.

Internet Explorer 8 (IE8) Beta 2 is available for download here.