Microsoft testing a patch to address critical flaw affecting IE6 and IE7

Picking up the pace on fixing the critical security vulnerability that affects Internet Explorer (IE) 6 and 7, especially after the recent public release of exploit code by Israeli security researcher Moshe Ben Abu, Microsoft has announced that it is testing a patch to address the flaw.

Though the company refrained from specifying when the emergency fix will be delivered, Jerry Bryant, a senior manager at the Microsoft Security Response Center (MSRC), revealed that the release of the exploit code indicated that a patch might be issued before Microsoft’s next ‘Patch Tuesday,’ scheduled for April 13.

In an advisory on the MSRC blog, Bryant said: “We have seen speculation that Microsoft might release an update for this issue out-of-band. I can tell you that we are working hard to produce an update which is now in testing.”

IE6 and IE7 users were first cautioned about the flaw last Tuesday, when Microsoft appended a notice to its ‘Patch Tuesday’ release saying that hackers were exploiting the bug.

On Wednesday, Moshe Ben Abu got hold of the attack code from a site that was reportedly using the IE flaw to carry out “drive-by” attacks, crafted a public exploit, and had it published in the popular Metasploit penetration testing framework.

However, even before Abu posted his exploit, security experts had expressed the opinion that Microsoft would probably ship an ‘out-of-band’ update to fix the vulnerability in case the attack code went public.