The flaw is believed to have already infected as many as 10,000 websites.
The "zero day" exploit let criminals take over victims' computers by steering them to infected websites.
Microsoft's Christopher Budd said the software giant "encourages all IE customers to test and deploy this update as soon as possible".
He also said the threat led Microsoft to mobilise security engineering teams worldwide to deliver a software cure "in the unprecedented time of eight days".
The company's security response team said the patch consists of more than 300 distinct updates for more than half-a-dozen versions of IE in around 50 languages.
Microsoft stressed that the flaw was proven to exist only in IE 7 on all applicable versions of Windows, but that IE 6 and the "beta" release of IE 8 were "potentially vulnerable".
Users who have automatic updates turned on will receive the patch over the next 24 hours while others can access it via a download.
