This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.
Even though the attack are only found in IE6, the vulnerability is actually exist in IE7 and 8 on almost all supported versions of Windows, including Windows 7.
This update addresses these vulnerabilities by modifying the way that IE handles objects in memory, validates input parameters, and filters HTML attributes. It also addresses the vulnerability first described in Security Advisory 979352.
If you have windows update configured to automatic update, the update will be downloaded automatically. You can just install it if you see the yellow shield icon popping up in the system tray in XP, and update notification in Windows Update in System and Security in Windows 7.
Or, please download the update and install it manually from this security update bulletin.