IT departments braced for Microsoft out-of-band patches

Internet Explorer
Microsoft has announced that on Tuesday it will release two out-of-band security patches designed to fix vulnerabilities in Internet Explorer and Microsoft Visual Studio.

Microsoft normally bundles its security updates into a monthly package, known in the industry as “Patch Tuesday” because it coincides with the second Tuesday of the month, and it is relatively unusual for the company to issue a fix for a security vulnerability outside of this cycle. This means that Microsoft considers the situation particularly important to patch as soon as possible.

It also means that IT staff responsible for protecting the computer systems at businesses around the world will need to be ready to roll out the patch, or potentially leave their organisations exposed to the threat of hackers installing malicious code (such as a worm) without user intervention.

Of course, it’s a headache for IT departments to have to evaluate and roll-out security patches when they’re not expecting them, but in my view if Microsoft thinks the issue is serious enough to issue patches outside of their normal cycle then it makes sense to act as quickly as possible.

Sign up to our free newsletter.
Security news, advice, and tips.

Dan Goodin’s article in The Register goes into some more detail on the out-of-band patches.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.