Microsoft patches IE9 with new security update

Microsoft has released a new update for Internet Explorer 9 that aims to patch several outstanding security holes.

Available through Windows Update since Tuesday, the security update is rated critical by Microsoft, which means that people who have Windows Update set to "install updates automatically" will automatically receive it.

Users who haven't enabled that option are advised to install the update manually from Windows Update. IT administrators who support large organizations should also apply the update with whatever patch management software they use in-house.

The update targets eight vulnerabilities in IE9, some of which could let a hacker remotely run code on a PC if the user visits a "specially crafted Web page" using Microsoft's browser. Such an exploit could allow someone to gain the same rights on the PC as the local user. The update specifically changes the way IE allocates and addresses memory, according to Microsoft's Security Bulletin.

Moving Internet Explorer 9 up to version 9.0.3, the update also fixes holes in earlier versions of IE, specifically 6, 7, and 8. A number of non-security related issues are resolved as well, including one that prevented users from changing the font size in Windows Mail after installing IE9 and another in which Windows 7 gadgets may not have worked properly.

This latest fix for IE is one component of a larger security update that Microsoft rolled out this week as part of its monthly Patch Tuesday program. Beyond resolving holes in the browser, the series of patches addressed vulnerabilities in Windows, Silverlight, and the .Net framework.

Ironically, the IE security fix comes at the same time that Microsoft has rolled out a new Web page that compares the security of the major browsers and found IE to be the most secure of them all.