Microsoft is issuing on January 21 an out-of-band (meaning, not tied to a normal Patch Tuesday) correct for the net Explorer safety breach that impacted Google and other firms in China. Microsoft ideas to create the fix, designated as “critical,” available as close to 10 a.m. PST as possible, officials said.Update (9 a.m. PT): The patch is out. Steven Bink of Bink.nu fame, has links to all the various versions available for download.While Microsoft officials say the “only successful attacks” have been against customers running IE6, the repair also applies to IE7 and IE8.Here;s the official word, via a Microsoft spokesperson:“(W)e will be releasing MS10-002 (on) January 21, 2010. We are planning to release the update as close to 10:00 a.m. PST as possible. This is a common cumulative update, accelerated from our regularly scheduled February release, for Net Explorer with an aggregate severity rating of Critical. It addresses the vulnerability related to recent attacks against Google and a small subset of corporations, and also several other vulnerabilities. Once applied, customers are protected against the known attacks that have been widely publicized. We recommend that customers install the update as soon as it is available. For customers using automatic updates, this update will automatically be applied once it is released.”Microsoft also updated Safety Advisory 979352 to include information about additional products that may be affected by this vulnerability and guidance related to reports of proof of concept (POC) code that bypasses Data Encryption Protection (DEP),
Windows 7 Home Basic, the spokesperson said.My blogging colleagues Ed Bott and Ryan Naraine have been covering this issue in more depth over the past few days, for those who want more information and background.