Microsoft releases Out-of-Band Security Bulletin for Internet Explorer

Microsoft has released an out-of-band security bulletin on 14 January 2013. The bulletin is to address the security vulnerability described in Security Advisory 2794220 which affects older versions of Internet Explorer.

The bulletin has been published with a severity rating of critical, and it addresses CVE-2012-4792. Internet Explorer versions 9-10 are not affected by this issue and it is encouraged to upgrade to the latest browser version where practical.

The NCSC recommends installing this update for Internet Explorer 6-8 as soon as it is available, it will be available through Windows Update, and the standard distribution channels. If automatic updates are enabled, no further action is required.  If you installed the Fix it released in Security Advisory 2794220, you won’t need to uninstall it before applying the security update. More information on the security bulletin can be found here.