When you hear the words Internet Explore and Critical in one sentence, you just have to stop and take notice. Microsoft’s default web browser is tied deep into all its operating systems.
Even if someone is using any of the alternate choices (Firefox, Chrome or Opera, for example) there may be some underlying applications that make use of Internet Explorer. Moral of the story is that it is always a good idea to deploy and install security fixes for IE — in any and all usage scenarios.
Microsoft has officially made the last Patch Tuesday update available for download a little while back, and among the various improvements is a critical fix for Internet Explorer.
The MS13-097 security bulletin resolves a total of seven vulnerabilities in all versions of IE. Luckily, all were privately reported so there are no exploits available in the wild that put these flaws to evil use.
As noted in the security advisory:
“The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user.
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
The update is flagged as Critical and is being rolled out for all current (read supported) versions of Internet Explorer — from Internet Explorer 6 all the way to Internet Explorer 11 — on Windows installations. On Windows Server operating systems, however, this is rated as Important.
Users are strongly recommended to install these new updates as soon as possible.