Microsoft has issued a patch that repairs a vulnerability in old versions of Internet Explorer that have been exploited in the wild and that persisted despite a Fix It tool issued last month.
The flaw affects IE 6, 7, and 8 and makes it possible for attackers to execute malicious code and take control of target machines by exploiting the flaw from tainted websites. Exploits were posted online and used on thousands of sites.
Microsoft had said the surest way to avoid the problem was to upgrade to a later version of IE but many couldn't.
Microsoft took steps to block the attacks with a temporary solution that was hacked within days, prompting Microsoft now to step outside its normal security bulletin schedule of releasing patches on the first Tuesday of each month.
A webcast earlier this week featured Microsoft experts who answered customers' questions about the patch.