The IE Cumulative Security Update for December 2009 is now available via Windows Update or Microsoft Update.
This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The security update addresses these vulnerabilities by correcting the control and by modifying the way that Internet Explorer handles objects in memory. For detailed information on the contents of this update, please see the following documentation:
This security update is rated Critical for all supported releases of Internet Explorer: Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, Internet Explorer 7 (except when running on supported editions of Windows Server 2003 and Windows Server 2008), and Internet Explorer 8 (except when running on supported editions of Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2). For Internet Explorer 7 and Internet Explorer 8 running on Windows servers as listed, this update is rated Moderate.
IE security updates are cumulative and contain all previously released updates for each version of Internet Explorer.
I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest updates from Microsoft.
Billy Rios Program Manager Internet Explorer Security