It can be exploited via email and via websites running the malicious code. Attacks based on the flaw have risen sharply since its discovery last week.
Microsoft had planned to release the patch as part of its monthly update due on 10 April, but the increase in exploits has prompted the firm to release the patch a week early.
Christopher Budd, a security programme manager at Microsoft, said on the company's Security Response Centre Blog: "Over this weekend attacks against this vulnerability have increased somewhat."
"Due to the increased risk to customers, we were able to expedite our testing to ensure an update for broad distribution sooner than 10 April."
Microsoft claimed that the attacks and customer impact are "limited", but is encouraging users to download the patch as soon as it is made available.
Two unofficial patches have already been released to fix the bug, one from eEye Digital Security and one from the Zeroday Emergency Response Team.
Microsoft said that it is working with law enforcement officers to track down attackers.
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
