As it had promised, Microsoft on Friday released two eagerly awaited updates for Internet Explorer, both addressing serious security issues.
Security update MS12-063
addresses the "critical" IE vulnerability described in Security Advisory 2757760, which has already resulted in some targeted zero-day attacks but has not been widely exploited. This update patches the vulnerability in Internet Explorer versions 6, 7, 8, and 9.
Earlier this week, Microsoft had published an advisory confirmed the vulnerability and on Wednesday issued a "Fixit," one of its automated configuration tools, to block the known exploits.
Users who have already enabled the shim do not have to uninstall it when they patch today, Microsoft said.
The second update
patches vulnerabilities in Adobe Flash player in Internet Explorer 10 on Windows 8 and Windows Server 2012.
Both updates will be delivered through Automatic Updates or can be manually installed.