Microsoft has released a fix for a critical security vulnerability in Windows several days before the patch's scheduled delivery. 

The software giant said that it is breaking with its normal monthly patch cycle because it completed testing of the security update earlier than anticipated.

Microsoft explained in a statement that the release should be made available as soon as possible "in response to strong customer sentiment".

However, some security experts have questioned whether the patch was released early in response to an unofficial patch released by Russian software engineer Ilfak Guilfanov. 

Graham Cluley, senior technology consultant at Sophos, said: "Microsoft did not want people using the other patch and were concerned about it causing problems. But I think it's more likely that Microsoft has greased the wheels a bit because the threat is so big."

Security bulletin MS06-001, originally scheduled for Tuesday, is the first of this year and fixes a vulnerability in the way Windows renders Windows Meta File images.

The bug was discovered last week and is increasingly being used in what Microsoft calls "malicious and criminal attacks on computer users". 

Alan Bentley, UK managing director at PatchLink, said: "The patch was obviously deemed critical enough to release it early and break the traditional 'Patch Tuesday' cycle, which is a benefit to all Microsoft customers worldwide in the current predicament.

"The question for business users is how long will it take them to deploy the patch. Average numbers from last year were around 30 days to get a patch fully deployed to all computers within a corporate network.

"Hopefully, IT administrators will be making a New Year resolution to improve on that time in 2006 without taking the 'wait and see' approach."