The IE Cumulative Security Update for December 2008 is now available via Windows Update. Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update. I encourage you to upgrade to Microsoft Update if you haven’t already to ensure that you receive the latest updates for all Microsoft products.
This update addresses four remote code execution vulnerabilities. The security update addresses these vulnerabilities by modifying the way that Internet Explorer validates parameters, handles the error resulting in the exploitable condition, and handles extra data when embedding objects in Web pages. For detailed information on the contents of this update, please see the following documentation:
This security update is rated Critical for Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, running on Microsoft Windows 2000; Internet Explorer 6 running on Windows XP; and Internet Explorer 7. For Internet Explorer 6 running on Windows Server 2003, this security update is rated Moderate. Beta versions of Internet Explorer are not vulnerable.
IE security updates are cumulative and contain all previously released updates for each version of Internet Explorer.
I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest updates from Microsoft.
Terry McCoy Program Manager Internet Explorer Security
Update 12/10 - Correcting the KB article number.