Microsoft has officially released the last Patch Tuesday updates of the year only a few hours ago, and among the improvements that are now being delivered to users, there’s also a critical fix for Internet Explorer.
According to Redmond itself, the MS13-097 bulletin is supposed to resolve a total of seven vulnerabilities in all versions of Internet Explorer, but the company claims that all have been privately reported, so there are no exploits out in the wild.
“The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights,” Microsoft said in a security advisory.
The update is flagged as “critical” for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10 and Internet Explorer 11 on Windows clients and as “important” for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 on Windows servers.
Just like all the other fixes released on Patch Tuesday, the Internet Explorer bulletin is being delivered via Windows Update, so no user input is recommended.
As you can see, all Internet Explorer versions are affected by the found vulnerabilities, which means that all users are strongly recommended to deploy the updates as soon as possible. It doesn’t really matter what version of Windows you’re currently on, as all seem to be affected, starting with the aging XP and ending with the newly-released Windows 8.1 that comes with Internet Explorer 11 installed by default.