Microsoft has just issued an out-of-band security update to fix a critical vulnerability in its Internet Explorer web browser that is being actively exploited. The flaw, which affects all versions from IE 5 to IE 8 Beta 2, lies in the browser’s data binding function and is being actively exploited since last week through specially-crafted web pages.

Although attacks have reportedly been limited, security experts warned that if carried out successfully, it could give an attacker the same user rights as the local user and ultimately the ability gain access to sensitive data. Microsoft is urging users of IE to download and apply the patch as soon as possible via the Windows Update mechanism. This marks the second time in only two months that the company has released a security patch outside of its monthly cycle, following one in October which addressed a dangerous remote procedure call (RPC) error that could result in remote code execution.