Microsoft has released an emergency update to patch a security vulnerability in Internet Explorer that is being exploited in attacks aimed at government contractors and other targeted organizations.
The patch fixes a "use after free" bug in versions 6, 7, and 8 of the Microsoft browser and will be automatically installed on affected machines that have automatic updating enabled, Dustin Childs, the Group Manager of the company's Trustworthy Computing program, wrote in a blog post published Monday. The unscheduled release comes just six days after Microsoft's most recent monthly Patch Tuesday batch of security updates, but it was pushed out to counter an experienced gang of hackers who have infected websites frequented by government contractors to exploit the vulnerability.
Monday's update came hours after Oracle released an unscheduled patch to fix a critical vulnerability in its Java software framework. As Ars reported last week, the zero-day Java exploits were added to a variety of exploit kits that criminals use to turn compromised websites into platforms for silently installing keyloggers and other malware on the machines of unsuspecting visitors.