In what will be Microsoft’s second ‘out of band’ patch this year, the company will release a security update, MS10-018, on Tuesday to fix the zero-day vulnerability that has recently been affecting Internet Explorer 6 and Internet Explorer 7 and has been used in targeted attacks over the last few weeks.
The flaw is a consequence of an invalid pointer reference within Internet Explorer (IE): the pointer can still be accessed after an object is deleted, which allows hackers to carry out remote code execution attacks. Microsoft had cautioned users about the attacks in its Security Advisory 981374, the company’s official March ‘Patch Tuesday’ release.
According to a Monday statement on Microsoft’s official blog, the update will fix as many as nine vulnerabilities, some of which also affect IE 8. Microsoft also said that the nine vulnerabilities “were responsibly disclosed” and that the company is unaware of any active attacks targeting these vulnerabilities.
Commenting on the out-of-band patch by Microsoft, Wolfgang Kandek, chief technology officer of Qualys, said that it is “an indication that attacks against the 'iepeers' vulnerability are on the rise.”
Kandek further added: “If you are still using IE6 or IE7, patch immediately. But even if you are on IE8 you should patch as quickly as possible, as attackers will start reverse engineering the flaws addressed and preparing corresponding exploits within the week.”












