Tomorrow or next week--out of sync with Microsoft's planned monthly security fixes--the company will finally issue a critical security patch for the infamously buggy Microsoft Internet Explorer (IE) Web browser. The patch will fix the flaw that led to last month's Download.Ject malware attack and will be applicable to IE 6.0, 5.5, and 5.01. The patch will follow an unprecedented configuration-change update that the company released to partially fix the Download.Ject problem--an update that security experts quickly denounced as ineffective.
"We have people working around the clock on \[the patch\]," IE Product Unit Manager Dean Hachamovitch said yesterday in a public chat. "Our users should have confidence that as long as they're running the latest browser with all the latest security fixes, they will have the most powerful and secure browsing experience." How one security fix will suddenly make IE the most powerful and secure browsing experience is unclear, however. As I've outlined on the SuperSite for Windows, alternative browsers are feature-packed and are more secure than IE.
In any event, Microsoft has declined to specify the precise day that the company will issue the patch, although the release could take place as early as tomorrow. A spokesperson said yesterday that the patch will ship when Microsoft deems it to be both effective and high quality.