In response to the VML vulnerability in Internet Explorer, Microsoft has issued a rare, out-of-cycle patch. Microsoft traditionally issues new security patches on the second Tuesday of each month so that system administrators have time to test the patch before rolling it out to desktops on a network. But because details on how to make an exploit for this Internet Explorer have been posted on the Internet, and because various third-party security vendors have issued their own patches, Microsoft rushed this patch.
Entitled "Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486) ," this bulletin affects users of Internet Explorer 5.01 and 6.0 running on Windows XP SP1 and SP2, as well as users of Windows Server 2003. See the Microsoft Security Bulletin for patch information.