On Wednesday, Microsoft is releasing an out-of-cycle emergency
security patch for all versions of Internet Explorer. It is rated
critical (the highest level in the Microsoft Update severity rating) and fixes the
security flaw that left Internet Explorer wide open. More than two million
computers have so far been infected.
The advance patch notification published Tuesday classes the
flaw as a “remote code execution” vulnerability. The patch was expected after Microsoft
released a security advisory last Wednesday, which was updated on Monday with
further details and temporary “workarounds” to minimize risk.
The flaw is serious in that it allows attackers to take
complete control of a victim’s computer, as well as to steal private data,
if the user visits a compromised website injected with malicious code, of
which some 10,000 already exist. The vulnerability has so far mostly been
used in China to steal game passwords to be sold on the black market, but the
method could be used to steal more sensitive information such as banking
passwords.
Some security analysts have recommended that all IE users
switch to another browser until Microsoft has posted a proper fix. As an aside,
we also recommend that you stay there even after it has done so.
The emergency security patch for IE will be made available
by Microsoft Wednesday at 1 p.m. EST on Microsoft’s update site as well as at
the Microsoft Download Center. All Internet Explorer 5, 6, and 7 users are advised
to install it. A separate patch will be released for users of Internet Explorer
8 Beta 2.
© 2007 - 2009 - eFluxMedia