The IE Cumulative Security Update for December 2010 is now available via Windows Update. This security update resolves four privately reported vulnerabilities and three publicly disclosed vulnerabilities in Internet Explorer, and is rated as “critical” for IE6/7, and IE8.
“The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using IE. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The update addresses the vulnerabilities by modifying the way that IE handles objects in memory and script during certain processes. This update also addresses the vulnerability first described in Microsoft Security Advisory 2458511.”
For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.