Two moths after the official release of Internet Explorer 7, Microsoft has issued zero security bulletins for the browser. IE7 hit the market on October 18, 2006. Yesterday, December 12, 2006, the Redmond Company published a total of seven security bulletins as part of its monthly patch cycle. None of the security updates address Internet Explorer 7.

However, the same cannot be said about prior versions of the browser. In this regard, the Microsoft Security Bulletin MS06-072 is available containing a Cumulative Security Update for Internet Explorer (925454). The Internet Explorer cumulative December 2006 security update can be accessed via either Windows Update or the new Microsoft Update.

"This update addresses 4 security issues: 2 remote code execution vulnerabilities and 2 information disclosure vulnerabilities. This is a "Critical" update and affects all supported IE configurations from IE5.01 to IE6 for XPSP2 and IE6 for Server 2003 Service Pack 1 except IE7 where the associated vulnerabilities do not affect this newer platform. IE security updates are cumulative and contain all previously released updates for each version of IE," stated Charles Watanabe, Microsoft Program Manager.

Microsoft also presented a list with the operating systems affected by the IE cumulative December 2006 security update: Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows XP Professional x64 Edition, Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1, Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 x64 Edition. As you can see, Windows Vista is absent from this list.

"I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest updates from Microsoft," concluded Watanabe.