Microsoft rolled out an update to their Internet Explorer web-browser, the security update "KB2699988" fixes a total of thirteen security vulnerabilities. All versions of IE were patched including the latest IE9.

Executive Summary

This security update resolves one publicly disclosed and twelve privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows servers. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory, HTML sanitization using toStaticHTML, the way that Internet Explorer renders data during certain processes, and the way that Internet Explorer creates and initializes strings. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.