Microsoft To Emergency Patch IE As The Web Gathers With Pitchforks Around IE6

angry mob by Robert Couse-BakerWhen Microsoft updates its software, it typically likes to do so in bulk, which it often calls “Patch Tuesday.” But amid growing controversy around the vulnerability of its Internet Explorer web browser, and particularly IE6, Microsoft has decided to go “out of band” and release the update as a stand-alone fix, which it will do ASAP, it notes today.

While not specifically stated in the post, this move seems to be a direct response to word that IE6 was to blame for the large-scale Chinese attacks on a number of large web companies recently. As you have no doubt heard, this included Google, which prompted them to say they would stop censoring search results in China, and could be kicked out of the country as a result. Microsoft has denied that it was targeted in this hacking, but has admitted a vulnerability in IE was at least partially to blame. According to Microsoft, attacks aimed at the browser are still ongoing.

In noting this security upgrade, Microsoft also says that it is recommending that all its customers upgrade to Internet Explorer 8, the latest version of the browser which has better security in place. Of course, Microsoft’s own investigation has found that IE8 is vulnerable as well. It’s a nightmare.

Following the attacks, even adamant Microsoft supporters are joining a chorus that has existed for years: that Microsoft should kill off IE6. Unfortunately, there are a number of companies that still have to use the browser because they have systems in place built specifically to run with it.

That, of course, is also Microsoft’s own fault since they decided for years to use their own proprietary web code when everyone else started to rally around web standards. While the company has been getting better at that, IE remains the browser that is by far the worst when it comes to compatibility with web standards. And Microsoft is still only now making efforts to play nicer with the W3C, the body that oversees web standards. And that’s only because IE continues to bleed market share.

Here’s the key nugget from Microsoft’s statement today:

Given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves and the escalating threat environment Microsoft will release a security update out-of-band for this vulnerability.

We take the decision to go out-of-band very seriously given the impact to customers, but we believe releasing an update out-of-band update is the right decision at this time.  We will provide the specific timing of the release tomorrow.

[photo: flickr/robert couse-baker]