Mike Reavey, group manager at Microsoft Research Centre, claimed that the release has a target of 10am Pacific Time on Tuesday 28th July with an intention ‘to address a single, overall issue, in order to provide the broadest protections possible to customers'.
Writing on the MSRC blog, Reavey said: “While we can't go into specifics about the issue prior to release, we can say that the Visual Studio bulletin will address an issue that can affect certain types of applications.
“The Internet Explorer bulletin will provide defence-in-depth changes to Internet Explorer to help provide additional protections for the issues addressed by the Visual Studio bulletin. The Internet Explorer update will also address vulnerabilities rated as critical that are unrelated to the Visual Studio bulletin that were privately and responsibly reported.”
Alex Eckelberry, president and CEO of Sunbelt Software, said: “It's always big news when MS does an out-of-band update, because it is a major amount of work for them to test against all the different operating systems, change their normal release cycle, etc.
“Out-of-band updates are only done when Microsoft feels there is a real need, so I would take this update seriously (in the past several years, there have been only a few such updates, such as WMF and netapi32, the source of the Conficker nightmare).”
Graham Cluley, senior technology consultant at Sophos, said: “Of course, it's a headache for IT departments to have to evaluate and roll-out security patches when they're not expecting them, but in my view if Microsoft thinks the issue is serious enough to issue patches outside of their normal cycle then it makes sense to act as quickly as possible.”