Microsoft Issues Another Highly Critical Out-of-Bound Patch

Microsoft has released another emergency security patch for all version of Internet Explorer. The patch is considered a highly critical patch that fixes a security flaw that would allow a remote intruder to take over your computer. Microsoft believe there have been more than 2 million computers infected thus far because of the flaw.

The vulnerability exists as an invalid pointer reference in the data binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object's memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.

Microsoft's emergency security patch will become available Wednesday at 1 p.m. EST at the Microsoft Update site as well as at the Microsoft Download Center. All users of IE5, 6, and 7 are advised to install it. A separate patch is expected to be made available for users of IE8 Beta 2. Expect to see far more detail by midday Wednesday when Microsoft officially issues its security bulletin.