Because of a recent widely publicized exploit, Microsoft has broken with its normal update schedule to release a cumulative update to Internet Explorer for all Windows versions. It’s being delivered through Windows Update and through Windows Software Update Services (the managed corporate version of Windows Update). For details, read Microsoft Security Bulletin MS10-002.
If you check Windows Update manually you’ll find it categorized as Important, with details specific to your Internet Explorer and Windows versions.
If you do nothing, the update will be delivered automatically, sometime in the next 24 hours.
Should you update immediately? There’s no harm in doing so, but there’s also no urgency for the average Windows user running a modern browser on a modern Windows version. At this point there are no reports of successful attacks against Internet Explorer 7 or 8 using this exploit code, and both Windows Vista and Windows 7 include important mitigations that seriously limit the effectiveness of any attempts to exploit it. In short, there’s little harm in waiting for the automatic update.
If you are using Internet Explorer 6, you should update to a later browser version as soon as possible, preferably IE8. If you must continue using IE6, then make sure this patch gets installed as soon as possible.
Shame the update requires a reboot, I haven’t rebooted my Win7 desktop all year. π¦ Hehe π
Joking aside, it’s good to see MS respond to this quickly.
Ed Bott, there’s also an IE security patch for IE 5.01 SP4 under Win2000 SP4. Read Microsoft security bulletin MS10-002 carefully and you will find an IE 5.01 patch for it listed. Microsoft originally thought that IE 5.01 SP4 is not affected but I guess they changed their mind on that.
Having heard they apparently knew about the problem for months, I take back my praise for their quick response.
Leo, I agree and just wrote a new post on the topic at ZDNet:
http://blogs.zdnet.com/Bott/?p=1663
Good/fair post, I thought. FWIW!
I did get the windows update but not sure if my IE was updated.. in anyway an small update are dealing with fixing bugs I believe! π