Microsoft is making available via Windows Update a refreshed version of its Internet Explorer (IE) 9 browser that incorporates a number of recently-released security fixes.
Starting on October 12, he October 2011 Cumulative Security Update (IE 9.0.3) is available on Windows Update. It will be delivered automatically to users who have Automatic Updates turned on. Microsoft is recommending administrators and others who apply manually updates to apply the refresh immediately using the Microsoft Update Service or other management software.
IE 9.0.3 resolves a number of privately reported vulnerabilities in IE 6, 7, 8 and 9, according to an October 12 blog post on the IE Blog.
According to the blog post, "the most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights."
Microsoft labeled the IE security update as "critical for those using IE 9 on Windows clients and "moderate" for those using IE on Windows servers.
Microsoft pushed out similar cumulative updates for IE 9 with IE 9.0.1 in June 2011, and IE 9.0.2 in August 2011.
Microsoft published information on the latest round of IE vulnerabilities the same week that the company launched a marketing campaign for IE 9 that revolved around Microsoft's own claims that IE 9 is more secure than Chrome or Firefox.