As expected, Microsoft has released an out-of-band update to fix critical vulnerabilities present in all versions of Internet Explorer. This cumulative update includes as many as ten patches, including one for the critical Iepeers.dll vulnerability discussed earlier.
The afore mentioned vulnerability is currently being widely exploited by hackers to infect systems through drive-by downloads. In other words if you system is unpatched, simply visiting a compromised website is sufficient to get infected.
This is the second time this year that Microsoft has been forced to issue an out-of-band update. Earlier in January, it had issued an unscheduled update to fix a vulnerability, which was exploited in Operation Aurora. Microsoft Security Response group manager Jerry Bryant said, “Releasing the update early provides Internet Explorer 6 and 7 customers protection against the active attacks and provides users of all versions of Internet Explorer protection against nine other vulnerabilities”.
As mentioned earlier, this update applies to all versions of Internet Explorer. Most of the patches issues are critical or important. This patch does not however, fix the vulnerability that was exploited in the recent Pwn2Own competition to compromise a fully patched Windows 7 system.
Users who have disabled automatic update can download the appropriate files from here.