The patch, issued precisely two weeks before the next scheduled security update from Microsoft, addresses the vulnerability announced in Security Advisory 981374. The security flaw, which affects Internet Explorer versions 6 and 7, stems from an invalid pointer reference.
"We recommend that customers install the update as soon as it is available. Once applied, customers are protected against known attacks related to Security Advisory 981374," said Jerry Bryant, group manager for response communications, on the Microsoft Security Response Center blog. "We have been monitoring this issue and have determined out-of-band release is needed to protect customers."
The security patch, which will also address nine other vulnerabilities in Internet Explorer, comes just a couple of months after another patch was issued to cover a zero-day flaw found in Microsoft's browser. That vulnerability was used by hackers to exploit more than 30 companies in an attack that has become known as Operation Aurora.
"It is not uncommon lately for Microsoft to release out-of-band," said Jason Miller, data and security team manager for Shavlik Technologies, which sells patch management software and configuration management products. "Microsoft monitors the situation through customer reports and exploit activity. If they notice, as in this case, the threat is growing, they will release out-of-band to address the vulnerability."
The zero-day vulnerability addressed by this patch was announced on Microsoft's Patch Tuesday, March 9. Even though it affects only earlier versions of Internet Explorer, other vulnerabilities patched in the early release do apply to Internet Explorer version 8.