14 DAY TRIAL // The latest batch of updates for Windows computers and other products from Microsoft brought along a series of security patches for Internet Explorer as well, to fix a series of flaws discovered to affect all versions of the application following IE6.
A total of five vulnerabilities were patched with this update; the most severe of them could allow remote code execution when a user visited specifically crafted webpages.
“An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user,” Tyson Storey, program manager, Internet Explorer, notes in a blog post.
“Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.”
To resolve this issue, Microsoft released the April 2012 Cumulative Security Update for Internet Explorer, currently available for download via Windows Update.
As part of this release, Microsoft pushed out the Internet Explorer (IE) 9.0.6 to supported systems, Tyson Storey also notes.
On Windows clients, the update is rated Critical for IE6, IE7, IE8 and IE9, while being deemed Moderate for Windows servers.
The security update is available now for download for all machines running Windows XP Service Pack 3, Windows Vista Service Pack 2, Windows 7, Windows 7 SP1, Windows Server 2003 SP2, Windows Server 2008 SP2, Windows Server 2008 R2 and Windows Server 2008 R2 SP1.
Specific info on the update was included in the Microsoft Security Bulletin MS12-023, which also details the extent to which various versions of Internet Explorer and Windows are affected.
“Most customers have enabled automatic updating and do not need to take any action. We recommend that customers, who have not enabled automatic updating, enable it (Start Menu, type “Windows Update”),” Storey continues.
“We recommend that administrators, enterprise installations, and end users who want to install this security update manually, apply the update immediately using update management software or by checking for updates using the Microsoft Update service.”