April 2011 Cumulative Security Update for Internet Explorer Now Available

The April 2011 Cumulative Security Update for Internet Explorer is now available via Windows Update. This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 is not affected by the vulnerabilities.

The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory, content during certain processes, and script during certain processes. For more information about the vulnerabilities, see the full bulletin. 

The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

—Tyson Storey, Lead Program Manager, Internet Explorer

Comments

• Anonymous
  April 13, 2011
  @Mark Feetham [MSFT]     or  IE Team people..   Make plugins for IE we want plugins.. listen to the users for once you say you do but i haven't seen you guys listen you all talk about stuff you want.   Mozilla listens to the users ideas for Firefox and just look how many users they have. Maybe if microsoft would just listen..... :( sad microsoft never listens as i see

• Anonymous
  April 13, 2011
  @Mario(1): You mean like http://www.ieaddons.com/

• Anonymous
  April 13, 2011
  @Stephen E. Baker   Yeah sort of but there is no Echofon add-on.  Echofon Said They will maybe never make an add in ActiveX since it can be hacked in less then 1 hour.  ActiveX is fine but it is old.  Microsoft needs to Retire ActiveX cause no other webbrowser uses it any more.

• Anonymous
  April 13, 2011
  Hello Microsoft Take your time IE10 don't rush like you did IE9.. all i request is IE10 to be fast and have modern day add-ons.

• Anonymous
  April 13, 2011
  WHAT ? IE10 ? Didn´t you have just launched IE9 ? are you kidding me ? This is not serious at all. We can support 2 stable versions at the same time. IE6 deprecated, IE7 deprecated ? IE8 deprecated ? You are so funny IE, shame on you. The shame of the Internet

• Anonymous
  April 14, 2011
  @Mario(1): ActiveX is not per se insecure or hacked in less than 1 hour, because it depends on the implementation. So if Echofon would want to build a secure IE add-on they certainly could.

• Anonymous
  April 14, 2011
  The comment has been removed