Microsoft today issued a critical security update for Internet Explorer after scrambling to patch a hole severe enough to cause the German government to warn the public to stop using the browser until the problem was fixed.
The flaw allows a hacker to take control of a computer after the user visits a malicious website. Microsoft says in its security bulletin that the patch fixes one publicly disclosed and four privately reported vulnerabilities in Internet Explorer 6, 7, 8, and 9.
“An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user,” the company says in a note accompanying the security update. “Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
The patch will be applied automatically for people who use the automatic updating feature in Windows.
More details and instructions for manual patching are available here.