Researchers: Microsoft will pull trigger on emergency IE patch

Microsoft will issue an emergency update to patch a vulnerability in Internet Explorer (IE) in the next two weeks to fix a flaw criminals have been using for more than a month, researchers said Tuesday.

The company will move on the IE6, IE7 and IE8 bug before the next regularly-scheduled Patch Tuesday because of increasing attacks and proof that temporary workarounds can be circumvented.

"I wouldn't be surprised if they go 'out-of-band,'" said Andrew Storms, director of security operations at nCircle Security, using the term for an emergency update. "They won't want to wait for five weeks, and there's enough pressure on them now to work on an out-of-band."