It's thought that nearly two million computers have been infected by the bug, which allows hackers to steal personal data including passwords if the browser is used to navigate a compromised website. It's been estimated that nearly 10,000 compromised websites currently exist on the web.
In an advanced notification of the patch, Microsoft describes the fix as protection for a "remote code execution" vulnerability. The move follows Microsoft's security advisory posted last Wednesday and updated Monday explaining the vulnerability and suggesting temporary "workarounds" for protection. Some security analysts have even suggested that users temporarily swap to other browsers including Mozilla's Firefox and Apple's Safari.
The patch will be made available for IE5, IE6 and IE7 users today at the Microsoft Update site as well as at the Microsoft Download Center. A separate patch for IE8 Beta 2 is also expected to be released.
See also: New IE8 features to aid disabled users