Microsoft delivered the October 2011 cumulative security update via Windows Update which bring along with Internet Explorer 9.0.3 — that incorporates a number of recently-released security fixes.
Microsoft labeled the IE security update as “critical for those using IE 9 on Windows clients and “moderate” for those using IE on Windows servers.”
IE 9.0.3 resolves a number of privately reported vulnerabilities in IE 6, 7, 8 and 9, according to an October 12 blog post by Tyson Storey, Program Manager, Internet Explorer.
Adding, “Starting on October 12, he October 2011 Cumulative Security Update (IE 9.0.3) is available on Windows Update. It will be delivered automatically to users who have Automatic Updates turned on. Microsoft is recommending administrators and others who apply manually updates to apply the refresh immediately using the Microsoft Update Service or other management software.”
In the blog post Tyson notes, “the most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.”
Microsoft published information on the latest round of IE vulnerabilities the same week that the company launched a marketing campaign for IE 9 that revolved around Microsoft’s own claims that IE 9 is more secure than Chrome or Firefox.
You can read the rest of the Patch Tuesday article and watch the webcast here.