Breaking its usual security update schedule, Microsoft has released a critical patch for a vulnerability in Internet Explorer that could allow hackers to gain user privileges on vulnerable machines.

The flaw centres on an unchecked buffer in Explorer's processing of HTML. If a user visited a specially designed web page, the hacker would be able to transfer code to the victim's PC.

Users of Windows XP with Service Pack 2 or Exchange Server 2003 are not affected, but all other users are being urged to download the patch as soon as possible. It is available here.

Microsoft usually releases patches on the second Tuesday of every month, but will break the cycle if it believes the patch is serious enough to warrant early release.