This security update resolves one publicly disclosed and four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Microsoft has suggested a few workarounds to block the publicly disclosed vulnerability and has released a Fix It as a temporary fix, but this patch is what completely closes the hole.
In addition to addressing the issue described in Security Advisory 2757760, this patch also resolves 4 privately disclosed vulnerabilities that are currently not being exploited.
This security update is rated Critical for IE 6-9 on Windows Clients, and Moderate on Windows Servers. IE 10 is not affected.
The patch has been released through the Windows Update service as of today, Friday, Sept. 21, 2012, as an out-of-band update, which is issued only when the matter is critical enough.