Microsoft has issued an emergency security bulletin after finding previously unknown vulnerabilities in Internet Explorer. They recommend that you update your software now.
The vulnerabilities allow remote code execution in the Internet Explorer browser. From Microsoft:
This security update also resolves three privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, running on supported editions of Microsoft Windows 2000; Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 running on supported editions of Windows XP; Critical for Internet Explorer 7 and Internet Explorer 8 running on supported editions of Windows Vista; Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 running on supported editions of Windows Server 2003; and Moderate for Internet Explorer 7 and Internet Explorer 8 running on supported editions of Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles objects in memory and table operations. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection under the next section, Vulnerability Information.
The full text of the Microsoft security bulletin can be found here .
