Microsoft Corp. is taking the unusual step of issuing an emergency fix for a security hole in its Internet Explorer software that has exposed millions of users to having their computers taken over by hackers.
The "zero-day" vulnerability, which came to light last week, allows hackers to take over victims' machines simply by steering them to infected Web sites. Unlike most viruses, users don't have to download anything for their computers to get infected, which makes the flaw in Internet Explorer's programming code extremely dangerous.
The software giant rarely issues security fixes for its software outside of its regular monthly updates. The company last did it in October, and a year and half before that.
Microsoft said it plans to ship a security update, rated "critical," for the browser on Wednesday. People with the Windows Update feature activated on their computers should get the patch automatically.
Thousands of Web sites already have been compromised by hackers looking to exploit the flaw. The bad guys have loaded malicious code onto those sites that automatically infects visitors' machines if they're using Internet Explorer and haven't employed a complicated series of workarounds that Microsoft has suggested.
Microsoft said it has only seen attacks targeting the flaw in Internet Explorer 7, the most widely used version, but has cautioned that all other editions of the browser are vulnerable.