Internet Explorer 9 was pushed first to version 9.0.1 a couple of months ago, and now to v9.0.2, by two update packages released by Microsoft.
IE 9.0.2 is currently available through Windows Update as the August 2011 Cumulative Security Update for Internet Explorer, and IE 9.0.1 was also served automatically to users through WU as the June 2011 Cumulative Security Update for Internet Explorer.
Essentially, IE 9.0.2, as v9.0.1 before it, is nothing more than the result of the integration of a range of patches designed to fix security vulnerabilities affecting the browser. The version change reflects the fact that a number of security holes have been plugged.
No fewer than seven security vulnerabilities have been resolved by the patches packed inside the August 2011 Cumulative Security Update for IE.
“This security update resolves five vulnerabilities in Internet Explorer that were disclosed in coordination with Microsoft and two publicly disclosed vulnerabilities,” revealed Tyson Storey, Program Manager, Internet Explorer.
“The most severe vulnerabilities could allow remote code execution if a user visits a malicious, specially crafted Web page using IE. Users who run without administrative rights are more secure in general and should be less impacted than other users (…).”
Microsoft has slapped a severity rating of Critical on the August 2011 Cumulative Security Update for IE6, IE7, IE8, and IE9.
Obviously, only customers running Windows 7 SP1, Windows 7 RTM and Windows Vista SP2, as well as their server equivalents, will be able to update to IE 9.0.2.
Customers running Internet Explorer 9 on top of Windows 7 need to know that only two of the vulnerabilities affecting their flavor of the browser are rated Critical, namely XSLT Memory Corruption Vulnerability - CVE-2011-1963, and Style Object Memory Corruption Vulnerability - CVE-2011-1964.
Another two vulnerabilities are rated Important and the remaining two just Moderate, with one of the IE security holes not affecting IE9 at all.
The Redmond company has labeled the August 2011 Cumulative Security Update for IE6, IE7, IE8, and IE9 as a priority in terms of deployment, and Microsoft advises customers to deploy the patches as soon as possible.
At the time of this article, no attacks targeting the IE vulnerabilities patched in August 2011 had been detected. Nonetheless, now that the patches are out, there’s always an increased risk of attackers reverse engineering the security updates and producing working exploits that can be used in attacks.
Internet Explorer Platform Preview 2 10.0.1008.16421 is available for download here.
Windows Internet Explorer 9 RTW for Windows 7 and Windows 7 SP1 is available for download below:
Cumulative Security Update for Internet Explorer 9 in Windows Server 2008 R2 x64 Edition (KB2559049)