Microsoft released yesterday an emergency patch for an Internet Explorer vulnerability, which was rated as critical and considered a top priority.

"At this time, we are aware only of attacks that attempt to use this vulnerability against Windows Internet Explorer 7," explained Christopher Budd, Microsoft security response communications lead, in an e-mailed statement. "Our investigation of these attacks so far has verified that they are not successful against customers who have applied the security update. MS08-078 has a maximum severity rating of Critical for all versions of Internet Explorer," he added.

The flaw is believed to affect all versions of the browser and the IE update was designed to cover all users using any of the following: Windows 2000 for IE 5.01: XP, XP Professional, Server 2003 for IE 6; and XP, Server 2003, Vista and Server 2008 for IE 7.

The security problem appeared with the discovery of a fundamental flaw in the browser's data binding function, which can leave a hole in the memory space, allowing remote hackers to access it. Once that happens, Internet Explorer can quit unexpectedly leaving the computer in an exploitable and dangerous state.

The company releases these security updates on the second Tuesday of every month. There are special cases, just like this one, when Microsoft puts out the patch as soon as it is completed, in order to make sure that its clients are safe from attacks.

Up to this point, Microsoft security researchers stated that approximately 1 in 500 users of Internet Explorer might have been exposed to malware attempting to exploit the critical vulnerability.