Microsoft releases Important security update for Internet Explorer

Because of a recent widely publicized exploit, Microsoft has broken with its normal update schedule to release a cumulative update to Internet Explorer for all Windows versions. It’s being delivered through Windows Update and through Windows Software Update Services (the managed corporate version of Windows Update). For details, read Microsoft Security Bulletin MS10-002.

If you check Windows Update manually you’ll find it categorized as Important, with details specific to your Internet Explorer and Windows versions.

If you do nothing, the update will be delivered automatically, sometime in the next 24 hours.

Should you update immediately? There’s no harm in doing so, but there’s also no urgency for the average Windows user running a modern browser on a modern Windows version. At this point there are no reports of successful attacks against Internet Explorer 7 or 8 using this exploit code, and both Windows Vista and Windows 7 include important mitigations that seriously limit the effectiveness of any attempts to exploit it. In short, there’s little harm in waiting for the automatic update.

If you are using Internet Explorer 6, you should update to a later browser version as soon as possible, preferably IE8. If you must continue using IE6, then make sure this patch gets installed as soon as possible.