The IE cumulative December 2006 security update is now available via Windows Update. Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update. I encourage you to upgrade to Microsoft Update if you haven’t already.
This update addresses 4 security issues: 2 remote code execution vulnerabilities and 2 information disclosure vulnerabilities. For more information on the contents of this update, please see:
- Microsoft Security Bulletin: http://www.microsoft.com/technet/security/Bulletin/ms06-072.mspx
- Microsoft Knowledge Base article: http://support.microsoft.com/kb/925454
This is a “Critical” update and affects all supported IE configurations from IE5.01 to IE6 for XPSP2 and IE6 for Server 2003 Service Pack 1 except IE7 where the associated vulnerabilities do not affect this newer platform. IE security updates are cumulative and contain all previously released updates for each version of IE.
Unrelated to today’s IE update, Microsoft released an Outlook Express update (MS06-076) that resolves an issue in the Outlook Express code that may affect some IE users.
I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest updates from Microsoft.