Microsoft releases MS12-063 Update to address critical Internet Explorer security hole

Microsoft released security update MS12-063 to address limited attacks against a small number of computers through a vulnerability in Internet Explorer versions 9 and earlier. The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically. For those manually updating, you should apply this update as quickly as possible.

MS12-063 resolves one publicly disclosed and four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows servers. Internet Explorer 10 is not affected.

MS12-063: Cumulative Security Update for Internet Explorer (2744842)

Affected Software:
Windows XP Service Pack 3:
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8

Windows XP Professional x64 Edition SP2:
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8

Windows Server 2003 SP2:
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8

Windows Server 2003 x64 Edition SP2:
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8

Windows Server 2003 with SP2 for Itanium-based Systems:
- Internet Explorer 6
- Internet Explorer 7

Windows Vista SP2:
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9

Windows Vista x64 Edition SP2:
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9

Windows Server 2008 for 32-bit Systems SP2: (Windows Server 2008 Server Core installation not affected)
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9

Windows Server 2008 for x64-based Systems SP2: (Windows Server 2008 Server Core installation not affected)
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9

Windows Server 2008 for Itanium-based Systems SP2:
- Internet Explorer 7

Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems SP1:
- Internet Explorer 8
- Internet Explorer 9

Windows 7 for x64-based Systems and Windows 7 for x64-based Systems SP1:
- Internet Explorer 8
- Internet Explorer 9

Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems SP1: (Windows Server 2008 R2 Server Core installation not affected)
- Internet Explorer 8
- Internet Explorer 9

Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems SP1:
- Internet Explorer 8

References

No comments: